All the vulnerabilites related to Fortinet - FortiManager
var-202207-0070
Vulnerability from variot

A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. FortiManager and FortiAnalyzer Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager has a security vulnerability

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0070",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.4",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.4",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      }
    ]
  },
  "cve": "CVE-2022-26118",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-015257",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-26118",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-26118",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-015257",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-410",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. FortiManager and FortiAnalyzer Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager has a security vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26118",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070535",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3267",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-416879",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26118",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "id": "VAR-202207-0070",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:06:38.868000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-056",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-056"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201342"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-21-056"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26118"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortimanager-fortianalyzer-privilege-escalation-38741"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26118/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3267"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070535"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-26118"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "date": "2023-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "date": "2022-07-18T18:15:09.070000",
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "date": "2022-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416879"
      },
      {
        "date": "2023-09-26T05:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      },
      {
        "date": "2022-07-25T14:12:44.407000",
        "db": "NVD",
        "id": "CVE-2022-26118"
      },
      {
        "date": "2022-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 and \u00a0FortiAnalyzer\u00a0 Vulnerability in privilege management in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015257"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-410"
      }
    ],
    "trust": 0.6
  }
}

var-202110-0149
Vulnerability from variot

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0149",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      }
    ]
  },
  "cve": "CVE-2021-36170",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-398091",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-36170",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.5,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-36170",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-36170",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-220",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-398091",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-36170",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-36170",
        "trust": 1.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021100604",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3288",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-398091",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "id": "VAR-202110-0149",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:49:03.611000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fortinet FortiManager VM  and FortiAnalyzerVm Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164903"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-112"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-logged-sensitive-information-via-forticloud-credentials-36600"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3288"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36170"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021100604"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/522.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "date": "2021-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "date": "2021-10-06T10:15:07.873000",
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "date": "2021-10-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398091"
      },
      {
        "date": "2021-10-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-36170"
      },
      {
        "date": "2021-10-14T14:10:34.840000",
        "db": "NVD",
        "id": "CVE-2021-36170"
      },
      {
        "date": "2021-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager VM and FortiAnalyzerVm Information disclosure vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-220"
      }
    ],
    "trust": 0.6
  }
}

var-202210-0408
Vulnerability from variot

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. fortinet's FortiManager and FortiAnalyzer Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The following products and versions are affected: FortiAnalyzer versions 7.0.0 to 7.0.3, 6.4.0 to 6.4.8, 6.2.0 to 6.2.9, 6.0.0 to 6.0.11, 5.6.0 to 5.6. 11 versions, FortiManager GUI versions 7.0.0 to 7.0.3, 6.4.0 to 6.4.8, 6.2.0 to 6.2.9, 6.0.0 to 6.0.11, 5.6.0 to 5.6.11

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202210-0408",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.11"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.11"
      },
      {
        "model": "fortimanager",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.0  greater than  6.0.11  to"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0  greater than  7.0.3  to"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.6.0  greater than  5.6.11  to"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.0  greater than  6.2.9  to"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  greater than  6.4.8  to"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.11",
                "versionStartExcluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartExcluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartExcluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartExcluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartExcluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.11",
                "versionStartExcluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartExcluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartExcluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartExcluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartExcluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      }
    ]
  },
  "cve": "CVE-2022-26121",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.2,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-26121",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-26121",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-26121",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202210-359",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. fortinet\u0027s FortiManager and FortiAnalyzer Exists in a vulnerability related to the leakage of resources to the wrong area.Information may be obtained. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The following products and versions are affected: FortiAnalyzer versions 7.0.0 to 7.0.3, 6.4.0 to 6.4.8, 6.2.0 to 6.2.9, 6.0.0 to 6.0.11, 5.6.0 to 5.6. 11 versions, FortiManager GUI versions 7.0.0 to 7.0.3, 6.4.0 to 6.4.8, 6.2.0 to 6.2.9, 6.0.0 to 6.0.11, 5.6.0 to 5.6.11",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-26121",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-416882",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "id": "VAR-202210-0408",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:54:46.958000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-026",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-22-026"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=210013"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-668",
        "trust": 1.1
      },
      {
        "problemtype": "Leakage of resources to the wrong area (CWE-668) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-22-026"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26121"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-26121/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortianalyzer-fortimanager-information-disclosure-via-gui-template-image-39500"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "date": "2023-10-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "date": "2022-10-10T14:15:09.727000",
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "date": "2022-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-416882"
      },
      {
        "date": "2023-10-24T02:20:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      },
      {
        "date": "2022-10-12T18:44:41.780000",
        "db": "NVD",
        "id": "CVE-2022-26121"
      },
      {
        "date": "2022-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fortinet\u0027s \u00a0FortiManager\u00a0 and \u00a0FortiAnalyzer\u00a0 Vulnerability in leaking resources to the wrong area in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-018953"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202210-359"
      }
    ],
    "trust": 0.6
  }
}

var-202107-0632
Vulnerability from variot

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the diagnose system geoip-city command with a large ip value. FortiAnalyzer CLI and FortiManager CLI Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. There is a security vulnerability in FortiAnalyzer, which is caused by triggering a buffer overflow by diagnosing Fortinet FortiManager, FortiAnalyzer. An attacker could exploit this vulnerability to trigger a denial of service and potentially run code

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0632",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      }
    ]
  },
  "cve": "CVE-2021-24022",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 2.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-24022",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-382740",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 0.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-24022",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-24022",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-24022",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202107-415",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-382740",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-24022",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. FortiAnalyzer CLI and FortiManager CLI Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. There is a security vulnerability in FortiAnalyzer, which is caused by triggering a buffer overflow by diagnosing Fortinet FortiManager, FortiAnalyzer. An attacker could exploit this vulnerability to trigger a denial of service and potentially run code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-24022",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071404",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2381",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-382740",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "id": "VAR-202107-0632",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:06:26.830000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-194",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-194"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.1
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-194"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24022"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071404"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortimanager-fortianalyzer-buffer-overflow-via-diagnose-35841"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2381"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "date": "2021-07-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "date": "2022-06-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "date": "2021-07-20T11:15:11.410000",
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-07-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382740"
      },
      {
        "date": "2021-07-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24022"
      },
      {
        "date": "2022-06-14T07:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      },
      {
        "date": "2021-07-29T19:03:54.317000",
        "db": "NVD",
        "id": "CVE-2021-24022"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202107-415"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiAnalyzer\u00a0CLI\u00a0 and \u00a0FortiManager\u00a0CLI\u00a0 Classic buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010031"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0231
Vulnerability from variot

The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. This could allow remote attackers to cause a denial of service (crash) or potentially execute arbitrary code. This could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause a denial of service (crash). This could allow remote attackers to cause a denial of service.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u17.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u1.

For the testing distribution (stretch), these problems have been fixed in version 1.0.2b-1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05184351

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05184351 Version: 1

HPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-07-05 Last Updated: 2016-07-05

Potential Security Impact: Remote Denial of Service (DoS), Unauthorized Access

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access.

Please refer to the RESOLUTION below for a list of impacted products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2014-8176
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2015-1788
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1789
  3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-2015-1790
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1791
  5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-2015-1792
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-1793
  6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

  https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI

d=emr_na-c01345499

RESOLUTION HPE has released the following software updates to resolve the vulnerabilities in the HP network products including iMC, VCX, Comware 5 and Comware 7.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P01
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P01
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1809P11
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P17
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1516
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P14
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2-48 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG315A HP 3100-48 v2 Switch
    • JG315B HP 3100-48 v2 Switch
  • HP870 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P46
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P46
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P46
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: R3181P07
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: R3811P05
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: R3820P06
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC165A) HP 6600 RPE-X1 Router Module
    • JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC176A) HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1111
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1109
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1516
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1108
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7376
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7170
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1138P01
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0321P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2138P01
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 5700 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7170
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

  • iMC Plat - Version: iMC Plat 7.1 E0303P16
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
    • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
    • JG659AAE HP IMC Smart Connect VAE E-LTU
    • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
    • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • iMC NSM - Version: iMC WSM 7.1 E0303P10
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.18
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision


stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD)

iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.

Please download the latest version of HPE Version Control Repository Manager (VCRM) (7.5.1) from the following location:

VCRM for Windows:

https://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4

VCRM for Linux is only available only with HPE Systems Insight Manager (HPE SIM):

https://www.hp.com/go/sim

HISTORY Version:1 (rev.1) - 12 May 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0231",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver8.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.11"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.15"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.18"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.14"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5.0.6"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.04"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.3"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.3"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.8"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.3"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.2"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.1"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.11"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.9"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.6"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "smartcloud provisioning for software virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.10"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.4"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "tivoli netcool system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0.28"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.8"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "websphere transformation extender secure adapter collection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.0"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.3"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.0"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.4"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.5"
      },
      {
        "model": "smartcloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.7"
      },
      {
        "model": "db2 developer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "smartcloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "db2 luw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.9"
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.3.0"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.16"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.10"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "tivoli netcool system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "cloud manager with openstack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.12"
      },
      {
        "model": "db2 express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "mobile connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.17"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "db2\u00ae express edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "db2 connect enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "db2 connect unlimited edition for system i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "spectrum scale",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 purescale feature",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.0"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "tivoli netcool system service monitor fp14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system i\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "pureapplication system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.6"
      },
      {
        "model": "gpfs storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "pureapplication system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "general parallel file system",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "db2 connect application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.19"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.1"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "security directory server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.1"
      },
      {
        "model": "elastic storage server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "elastic storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "db2\u00ae connect? unlimited edition for system z\u00ae",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.07"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "db2 advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "tivoli monitoring",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "rational developer for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "tivoli endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "db2 advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "db2 purescale feature for enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "db2\u00ae connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "db2 connect unlimited edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "cloud orchestrator enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.0.1"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "db2\u00ae workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "db2\u00ae connect? enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2\u00ae advanced enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "gpfs storage server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "db2 workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "db2 connect? application server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "db2 enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "db2 connect application server advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.5"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "db2\u00ae advanced workgroup server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "personal communications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "cloud orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "db2\u00ae enterprise server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "db2 connect unlimited advanced edition for system z",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "spectrum scale",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1.1"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Joseph Birr-Pixton",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1788",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1788",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1788",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1788",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. This could allow remote attackers to cause a denial of service\n    (crash) or potentially execute arbitrary code. This\n    could allow remote attackers to cause a denial of service. This could allow remote attackers to cause a denial of\n    service (crash) via crafted ASN.1-encoded PKCS#7 blobs. This could allow remote attackers to cause\n    a denial of service (crash). This could allow remote attackers to cause\n    a denial of service. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u17. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u1. \n\nFor the testing distribution (stretch), these problems have been fixed\nin version 1.0.2b-1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2b-1. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05184351\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05184351\nVersion: 1\n\nHPSBHF03613 rev.1 - HPE Network Products including iMC, VCX, and Comware\nusing OpenSSL, Remote Denial of Service (DoS), Unauthorized Access\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-07-05\nLast Updated: 2016-07-05\n\nPotential Security Impact: Remote Denial of Service (DoS), Unauthorized\nAccess\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities in OpenSSL have been addressed with HPE\nnetwork products including iMC, VCX, Comware 5 and Comware 7. The\nvulnerabilities could be exploited remotely resulting in Denial of Service\n(DoS) or unauthorized access. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2014-8176\n      7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n      7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1788\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1789\n      3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1790\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1791\n      5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L\n      6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n    CVE-2015-1792\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-1793\n      6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\n      6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\n      https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docI\nd=emr_na-c01345499\n\nRESOLUTION\nHPE has released the following software updates to resolve the\nvulnerabilities in the HP network products including iMC, VCX, Comware 5 and\nComware 7. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-06-12\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n   o Race condition handling NewSessionTicket (CVE-2015-1791)\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n\nPlease download the latest version of HPE Version Control Repository Manager\n(VCRM) (7.5.1) from the following location:\n\nVCRM for Windows:\n\nhttps://www.hp.com/swpublishing/MTX-b59b11be53744759a650eadeb4\n\nVCRM for Linux is only available only with HPE Systems Insight Manager (HPE\nSIM):\n\nhttps://www.hp.com/go/sim\n\nHISTORY\nVersion:1 (rev.1) - 12 May 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1788",
        "trust": 2.9
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "75158",
        "trust": 1.4
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.1
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1788",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132291",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "id": "VAR-201506-0231",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T20:32:53.570000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "bn/bn_gf2m.c: avoid infinite loop wich malformed ECParamters.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1788",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1788"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75158"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/4924b37ee01f71ae19c94a8934b80eeb2f677932"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963362"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022797"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962047"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962550"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964241"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962833"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961111"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961565"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962714"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962890"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964766"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967146"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969177"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21969271"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21972125"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974116"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000137"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978471"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022618"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005364"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965643"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "db": "BID",
        "id": "75158"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2015-06-15T15:43:16",
        "db": "PACKETSTORM",
        "id": "132291"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-12T19:59:01.600000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1788"
      },
      {
        "date": "2018-10-08T08:00:00",
        "db": "BID",
        "id": "75158"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      },
      {
        "date": "2022-12-13T12:15:14.860000",
        "db": "NVD",
        "id": "CVE-2015-1788"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/bn/bn_gf2m.c of  BN_GF2m_mod_inv Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003080"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "75158"
      }
    ],
    "trust": 0.3
  }
}

var-201904-0615
Vulnerability from variot

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. Fortinet FortiManager Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiManager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Fortinet FortiManager versions 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0615",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.0 to  5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.7",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pavel German.",
    "sources": [
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2018-1360",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1360",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-123675",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1360",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1360",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1088",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123675",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. Fortinet FortiManager Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiManager is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nFortinet FortiManager versions 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1360",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "108079",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1434",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-123675",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "id": "VAR-201904-0615",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:18:47.971000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-051",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-18-051"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91934"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/108079"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-051"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1360"
      },
      {
        "trust": 0.9,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.9,
        "url": "https://fortiguard.com/psirt/fg-ir-18-051"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1360"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-information-disclosure-via-rest-api-json-responses-29117"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/79762"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "db": "BID",
        "id": "108079"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108079"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "date": "2019-04-25T18:29:00.333000",
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "date": "2019-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123675"
      },
      {
        "date": "2019-04-23T00:00:00",
        "db": "BID",
        "id": "108079"
      },
      {
        "date": "2019-05-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-1360"
      },
      {
        "date": "2019-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004246"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1088"
      }
    ],
    "trust": 0.6
  }
}

var-202006-1549
Vulnerability from variot

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. FortiManager Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1549",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-9289",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006884",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-187414",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2020-9289",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006884",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-9289",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006884",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-994",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-187414",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-9289",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. FortiManager Contains a vulnerability in the use of hard-coded credentials.Information may be obtained. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-9289",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4387.3",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-33243",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-187414",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "id": "VAR-202006-1549",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:17:00.217000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-007",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-19-007"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Repair measures for trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124852"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-9289 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/synacktiv/cve-2020-9289 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-19-007"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9289"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9289"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-information-disclosure-via-hard-coded-cryptographic-key-32531"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4387.3/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2020-9289"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "date": "2020-06-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "date": "2020-06-16T21:15:11.470000",
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "date": "2020-06-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-187414"
      },
      {
        "date": "2022-10-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-9289"
      },
      {
        "date": "2020-07-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      },
      {
        "date": "2022-10-06T23:59:27.180000",
        "db": "NVD",
        "id": "CVE-2020-9289"
      },
      {
        "date": "2020-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager Vulnerability in using hard-coded credentials in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006884"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-994"
      }
    ],
    "trust": 0.6
  }
}

var-200512-0678
Vulnerability from variot

The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Fortinet FortiGate, FortiManager, and FortiClient products are prone to denial of service vulnerabilities. These issues are due to security flaws in Fortinet's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic. This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.

For more information: SA17553

Several other bugs have also been fixed in this update. IKE will be reportedly be automatically restarted by FortiOS when it crashes.

FortiGate (version 2.80): Apply MR12 when available or contact technical support for a special build.

FortiGate (version 2.50): No patch available at this time.

FortiManager (version 2.80): No patch available at this time.

FortiClient: No patch available at this time.

The vulnerability is caused due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. This can be exploited to cause a DoS. * Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T * Cisco PIX Firewall versions up to but not including 6.3(5) * Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4 * Cisco Firewall Services Module (FWSM) versions up to but not including 2.3(3) * Cisco VPN 3000 Series Concentrators versions up to but not including 4.1(7)H and 4.7(2)B * Cisco MDS Series SanOS versions up to but not including 2.1(2)

Note: For Cisco IOS, only images that contain the Crypto Feature Set are vulnerable.

SOLUTION: See patch matrix in vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group (OUSPG) .

For more information: SA17553

Successful exploitation reportedly requires that the attacker is able to perform a full IKE negotiation with the affected system and requires authentication. * VPN-1/Firewall-1 NG with AI R54 prior to HFA_417. * VPN-1/Firewall-1 NG with AI R55 prior to HFA_16. * VPN-1/Firewall-1 NG with AI R55W prior to HFA_04. * VPN-1/Firewall-1 NG with AI R55P prior to HFA_06. * VPN-1 Pro NGX R60 prior to HFA_01. * Check Point Express CI R57. * Firewall-1 GX 3.0.

SOLUTION: Install the latest HFA (HotFix Accumulator).

Note: A fix will reportedly not be released for NG FP3. The vendor recommends upgrading to a recent version, and to the most recent HFA of this version.

The vendor reportedly will release hotfixes for Check Point Express CI and Firewall-1 GX 3.0 at a later date.

The vulnerability is related to: SA17553

SOLUTION: Refer to the original advisory from Nortel Networks for instructions how to apply fixes.

The vulnerability is related to: SA17553

Successful exploitation requires a weak racoon configuration (e.g. no lifetime proposal or obey mode), and using 3DES/SHA1/DH2.

TITLE: Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service

SECUNIA ADVISORY ID: SA17684

VERIFY ADVISORY: http://secunia.com/advisories/17684/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE:

From remote

OPERATING SYSTEM: Symantec Gateway Security 400 Series http://secunia.com/product/6175/ Symantec Gateway Security 300 Series http://secunia.com/product/6176/ Symantec Gateway Security 3.x http://secunia.com/product/6177/ Symantec Gateway Security 2.x http://secunia.com/product/3104/ Symantec Gateway Security 1.x http://secunia.com/product/876/ Symantec Firewall/VPN Appliance 100/200/200R http://secunia.com/product/552/

SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/

DESCRIPTION: Symantec has acknowledged a vulnerability in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA17553

Successful exploitation causes a DoS of the dynamic VPN services.

The vulnerability has been reported in the following products. * Symantec Enterprise Firewall version 8.0 (Windows) * Symantec Enterprise Firewall version 8.0 (Solaris) * Symantec Gateway Security 5000 Series version 3.0 * Symantec Gateway Security 5400 version 2.0.1 * Symantec Gateway Security 5310 version 1.0 * Symantec Gateway Security 5200/5300 version 1.0 * Symantec Gateway Security 5100 * Symantec Gateway Security 400 version 2.0 * Symantec Gateway Security 300 version 2.0 * Symantec Firewall /VPN Appliance 200/200R * Symantec Firewall /VPN Appliance 100

SOLUTION: Apply hotfixes.

Symantec Enterprise Firewall version 8.0 (Windows): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html

Symantec Enterprise Firewall version 8.0 (Solaris): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html

Symantec Gateway Security 5000 Series version 3.0: Apply SGS3.0-2005114-02. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html

Symantec Gateway Security 5400 version 2.0.1: Apply SGS2.0.1-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html

Symantec Gateway Security 5310 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html

Symantec Gateway Security 5200/5300 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html

Symantec Gateway Security 5100: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html

Symantec Gateway Security 400 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html

Symantec Gateway Security 300 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html

Symantec Firewall /VPN Appliance 200/200R: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html

Symantec Firewall /VPN Appliance 100: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html

ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html

OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200512-0678",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "check point",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "nortel",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "openswan linux ipsec",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "qnx",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "stonesoft",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.50"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "15997"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:forticlient:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager:2.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              },
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": false
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.",
    "sources": [
      {
        "db": "BID",
        "id": "15997"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2005-4570",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-15778",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2005-4570",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#226364",
            "trust": 0.8,
            "value": "16.54"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-619",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-15778",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Fortinet FortiGate, FortiManager, and FortiClient products are prone to denial of service vulnerabilities. These issues are due to security flaws in Fortinet\u0027s IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic. \nThis issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic. \n\nFor more information:\nSA17553\n\nSeveral other bugs have also been fixed in this update. IKE will\nbe reportedly be automatically restarted by FortiOS when it crashes. \n\nFortiGate (version 2.80):\nApply MR12 when available or contact technical support for a special\nbuild. \n\nFortiGate (version 2.50):\nNo patch available at this time. \n\nFortiManager (version 2.80):\nNo patch available at this time. \n\nFortiClient:\nNo patch available at this time. \r\n\r\nThe vulnerability is caused due to errors in the processing of IKEv1\nPhase 1 protocol exchange messages. This can be exploited to cause a\nDoS. \r\n* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T\r\n* Cisco PIX Firewall versions up to but not including 6.3(5)\r\n* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4\r\n* Cisco Firewall Services Module (FWSM) versions up to but not\nincluding 2.3(3)\r\n* Cisco VPN 3000 Series Concentrators versions up to but not\nincluding 4.1(7)H and 4.7(2)B\r\n* Cisco MDS Series SanOS versions up to but not including 2.1(2)\r\n\r\nNote: For Cisco IOS, only images that contain the Crypto Feature Set\nare vulnerable. \n\nSOLUTION:\nSee patch matrix in vendor advisory for information about fixes. \r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software\n\nPROVIDED AND/OR DISCOVERED BY:\nOulu University Secure Programming Group (OUSPG) . \n\nFor more information:\nSA17553\n\nSuccessful exploitation reportedly requires that the attacker is able\nto perform a full IKE negotiation with the affected system and\nrequires authentication. \n* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417. \n* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16. \n* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04. \n* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06. \n* VPN-1 Pro NGX R60 prior to HFA_01. \n* Check Point Express CI R57. \n* Firewall-1 GX 3.0. \n\nSOLUTION:\nInstall the latest HFA (HotFix Accumulator). \n\nNote: A fix will reportedly not be released for NG FP3. The vendor\nrecommends upgrading to a recent version, and to the most recent HFA\nof this version. \n\nThe vendor reportedly will release hotfixes for Check Point Express\nCI and Firewall-1 GX 3.0 at a later date. \r\n\r\nThe vulnerability is related to:\r\nSA17553\n\nSOLUTION:\nRefer to the original advisory from Nortel Networks for instructions\nhow to apply fixes. \n\nThe vulnerability is related to:\nSA17553\n\nSuccessful exploitation requires a weak racoon configuration (e.g. no\nlifetime proposal or obey mode), and using 3DES/SHA1/DH2. \n\nTITLE:\nSymantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of\nService\n\nSECUNIA ADVISORY ID:\nSA17684\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17684/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nSymantec Gateway Security 400 Series\nhttp://secunia.com/product/6175/\nSymantec Gateway Security 300 Series\nhttp://secunia.com/product/6176/\nSymantec Gateway Security 3.x\nhttp://secunia.com/product/6177/\nSymantec Gateway Security 2.x\nhttp://secunia.com/product/3104/\nSymantec Gateway Security 1.x\nhttp://secunia.com/product/876/\nSymantec Firewall/VPN Appliance 100/200/200R\nhttp://secunia.com/product/552/\n\nSOFTWARE:\nSymantec Enterprise Firewall (SEF) 8.x\nhttp://secunia.com/product/3587/\n\nDESCRIPTION:\nSymantec has acknowledged a vulnerability in various Symantec\nproducts, which can be exploited by malicious people to cause a DoS\n(Denial of Service). \n\nFor more information:\nSA17553\n\nSuccessful exploitation causes a DoS of the dynamic VPN services. \n\nThe vulnerability has been reported in the following products. \n* Symantec Enterprise Firewall version 8.0 (Windows)\n* Symantec Enterprise Firewall version 8.0 (Solaris)\n* Symantec Gateway Security 5000 Series version 3.0\n* Symantec Gateway Security 5400 version 2.0.1\n* Symantec Gateway Security 5310 version 1.0\n* Symantec Gateway Security 5200/5300 version 1.0\n* Symantec Gateway Security 5100\n* Symantec Gateway Security 400 version 2.0\n* Symantec Gateway Security 300\tversion 2.0\n* Symantec Firewall /VPN Appliance 200/200R\n* Symantec Firewall /VPN Appliance 100\n\nSOLUTION:\nApply hotfixes. \n\nSymantec Enterprise Firewall version 8.0 (Windows):\nApply SEF8.0-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html\n\nSymantec Enterprise Firewall version 8.0 (Solaris):\nApply SEF8.0-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html\n\nSymantec Gateway Security 5000 Series version 3.0:\nApply SGS3.0-2005114-02. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html\n\nSymantec Gateway Security 5400 version 2.0.1:\nApply SGS2.0.1-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html\n\nSymantec Gateway Security 5310 version 1.0:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html\n\nSymantec Gateway Security 5200/5300 version 1.0:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html\n\nSymantec Gateway Security 5100:\nApply SG7004-20051114-00. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html\n\nSymantec Gateway Security 400 version 2.0:\nUpdate to build 1103. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html\n\nSymantec Gateway Security 300 version 2.0:\nUpdate to build 1103. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html\n\nSymantec Firewall /VPN Appliance 200/200R:\nUpdate to build 1.8F. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html\n\nSymantec Firewall /VPN Appliance 100:\nUpdate to build 1.8F. \nhttp://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html\n\nORIGINAL ADVISORY:\nSymantec:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html\n\nOTHER REFERENCES:\nSA17553:\nhttp://secunia.com/advisories/17553/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      },
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "BID",
        "id": "15997"
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "43036"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "15997",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "18446",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0182",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4570",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "17621",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17663",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17838",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17553",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17608",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17684",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "17668",
        "trust": 0.9
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2005.0924",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#226364",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41982",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43036",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41614",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41586",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41739",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41734",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "db": "BID",
        "id": "15997"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "43036"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "id": "VAR-200512-0678",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:05:56.525000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://www.fortinet.com/fortiguardcenter/vu226364.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/15997"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18446"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/17553/"
      },
      {
        "trust": 1.2,
        "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/0182"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17608/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17621/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17684/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17668/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17663/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/17838/"
      },
      {
        "trust": 0.8,
        "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp"
      },
      {
        "trust": 0.8,
        "url": "http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm"
      },
      {
        "trust": 0.8,
        "url": "http://www.auscert.org.au/5748"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/niscc/niscc-273756/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/0182"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5625/"
      },
      {
        "trust": 0.1,
        "url": "http://www.astaro.org/showflat.php?cat=\u0026number=63958\u0026page=0\u0026view=collapsed\u0026sb=5\u0026o=\u0026fpart=1#63958"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6800/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6802/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18446/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6801/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6799/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2289/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/90/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/50/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6102/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/706/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/182/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/56/"
      },
      {
        "trust": 0.1,
        "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5088/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6101/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2273/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3214/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/59/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/89/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6148/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6010/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6149/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2542/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6124/"
      },
      {
        "trust": 0.1,
        "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail\u0026documentoid=367651\u0026renditionid="
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6125/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6126/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/2576/"
      },
      {
        "trust": 0.1,
        "url": "https://clientweb.clavister.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.clavister.com/support/support_update_isakmp.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6205/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3352/"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/showfiles.php?group_id=74601\u0026package_id=74949\u0026release_id=372605"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9017454\u0026forum_id=32000"
      },
      {
        "trust": 0.1,
        "url": "http://sourceforge.net/project/shownotes.php?release_id=372605\u0026group_id=74601"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3104/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6177/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3587/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6175/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/552/"
      },
      {
        "trust": 0.1,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/876/"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "db": "BID",
        "id": "15997"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "43036"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "db": "BID",
        "id": "15997"
      },
      {
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "db": "PACKETSTORM",
        "id": "43036"
      },
      {
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2005-11-17T00:00:00",
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "date": "2005-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "date": "2005-12-08T00:00:00",
        "db": "BID",
        "id": "15997"
      },
      {
        "date": "2005-12-01T18:48:38",
        "db": "PACKETSTORM",
        "id": "41982"
      },
      {
        "date": "2006-01-14T05:07:24",
        "db": "PACKETSTORM",
        "id": "43036"
      },
      {
        "date": "2005-11-15T06:02:23",
        "db": "PACKETSTORM",
        "id": "41515"
      },
      {
        "date": "2005-11-19T21:56:12",
        "db": "PACKETSTORM",
        "id": "41614"
      },
      {
        "date": "2005-11-19T21:56:12",
        "db": "PACKETSTORM",
        "id": "41586"
      },
      {
        "date": "2005-11-30T04:03:08",
        "db": "PACKETSTORM",
        "id": "41791"
      },
      {
        "date": "2005-11-22T18:19:46",
        "db": "PACKETSTORM",
        "id": "41739"
      },
      {
        "date": "2005-11-22T18:19:46",
        "db": "PACKETSTORM",
        "id": "41734"
      },
      {
        "date": "2005-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "date": "2005-12-29T11:03:00",
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-01-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#226364"
      },
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-15778"
      },
      {
        "date": "2005-12-08T00:00:00",
        "db": "BID",
        "id": "15997"
      },
      {
        "date": "2005-12-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      },
      {
        "date": "2011-03-08T02:28:29.907000",
        "db": "NVD",
        "id": "CVE-2005-4570"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#226364"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-619"
      }
    ],
    "trust": 0.6
  }
}

var-201908-0051
Vulnerability from variot

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.1"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:virtual_machine:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      }
    ]
  },
  "cve": "CVE-2019-6695",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-6695",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-158130",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6695",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-6695",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-1931",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158130",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. Fortinet FortiManager Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Fortinet FortiManager and Fortinet FortiManager VM are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiManager VM is a centralized network security management platform for virtual machines. The platform can group devices into different management domains (ADOMs) for secure deployment and management. There is a security vulnerability in Fortinet FortiManager VM versions before 6.2.0 and 6.0.6. The vulnerability is caused by the lack of root file system integrity check in the program. An attacker could exploit this vulnerability to inject third-party programs",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6695",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "44162",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "id": "VAR-201908-0051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:02:07.162000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-017",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-19-017"
      },
      {
        "title": "Fortinet FortiManager VM Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=96983"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-345",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-20",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-19-017"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6695"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6695"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/44162"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "date": "2019-08-23T21:15:12.193000",
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "date": "2019-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158130"
      },
      {
        "date": "2019-08-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      },
      {
        "date": "2023-03-01T18:38:45.647000",
        "db": "NVD",
        "id": "CVE-2019-6695"
      },
      {
        "date": "2023-03-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Input validation vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008216"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-1931"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0482
Vulnerability from variot

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. OpenSSL is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-10-27-1 Xcode 8.1

Xcode 8.1 is now available and addresses the following:

IDE Xcode Server Available for: OS X El Capitan v10.11.5 and later Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues existed in Node.js in Xcode Server. These issues were addressed by updating to Node.js version 4.5.0. CVE-2016-1669 CVE-2016-0705 CVE-2016-0797 CVE-2016-0702 CVE-2016-2086 CVE-2016-2216 CVE-2015-8027 CVE-2015-3193 CVE-2015-3194 CVE-2015-6764

Xcode 8.1 may be obtained from:

https://developer.apple.com/xcode/downloads/

To check that the Xcode has been updated:

  • Select Xcode in the menu bar
  • Select About Xcode
  • The version after applying this update will be "8.1". ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. A remote attacker could possibly use this issue to break encryption. (CVE-2015-3193)

Lo=C3=AFc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1 signatures with a missing PSS parameter. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. (CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2830-1 CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBCAAGBQJYrLMnAAoJELXhAxt7SZaiF8wH/3YruymhIoADdbuMZwr+LWqo FC2sM1bBsBSOc1sUJCjMqyIlHqXhugsz2SnMqkhyVL+icWrpj7DoH0JYAOfVW8sN nJqBmv+p16bIWeNEhOouSzzvxaXgcA8YtnEKTbPqi2wzvi4slUVzN3mHFa0BbgrO qvgr2UNU1V9SFxj1VA0BkJqXrinu7YmWyIl1VeccZJQX0LI9DIkgIKcYqU88E7jC CAd/P8CBwQvj0+hfYSysab5U1I1exk0rUXcX3Wmp/56LbgT5jrGjx6O9cvFZyE5O Bi/Xlu/GDBa6pw3kZsPEH5dqohLFFA0R7ayvg7f4ggfrskWrQn8c7RgogVw2FLs= =yvIR -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. This update fixes the following security issues: BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193). X509_ATTRIBUTE memory leak (CVE-2015-3195). Race condition handling PSK identify hint (CVE-2015-3196). Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [26 Jan 2017] ========================================

Truncated packet could crash via OOB read (CVE-2017-3731)

Severity: Moderate

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash.

For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d

For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k

This issue was reported to OpenSSL on 13th November 2016 by Robert Święcki of Google. The fix was developed by Andy Polyakov of the OpenSSL development team.

Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)

Severity: Moderate

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

OpenSSL 1.1.0 users should upgrade to 1.1.0d

This issue does not affect OpenSSL version 1.0.2.

Note that this issue was fixed prior to it being recognised as a security concern. This means the git commit with the fix does not contain the CVE identifier. The relevant fix commit can be identified by commit hash efbe126e3.

This issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients.

UPDATE 31 Jan 2017. The original text said For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. This is not true. DHE key re-use was removed by commit c5b831f for 1.0.2 or commit ffaef3f for 1.1.0 on 17 December 2015

Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

OpenSSL 1.1.0 users should upgrade to 1.1.0d OpenSSL 1.0.2 users should upgrade to 1.0.2k

This issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. The fix was developed by Andy Polyakov of the OpenSSL development team.

Montgomery multiplication may produce incorrect results (CVE-2016-7055)

Severity: Low

This issue was previously fixed in 1.1.0c and covered in security advisory https://www.openssl.org/news/secadv/20161110.txt

OpenSSL 1.0.2 users should upgrade to 1.0.2k

Note

Support for version 1.0.1 ended on 31st December 2016. Support for versions 0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer receiving security updates.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20170126.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html . OpenSSL Security Advisory [07 Dec 2017] ========================================

Read/write after SSL object in error state (CVE-2017-3737)

Severity: Moderate

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error.

This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation).

Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project. OpenSSL Security Advisory [27 Mar 2018] ========================================

Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)

Severity: Moderate

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0482",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.1.1"
      },
      {
        "model": "node.js",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.1.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014111002"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090300"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.9"
      },
      {
        "model": "datapower gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.12"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.5"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.6"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.10"
      },
      {
        "model": "datapower gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.13"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.2",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hanno B\u00f6ck",
    "sources": [
      {
        "db": "BID",
        "id": "78705"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3193",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3193",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3193",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-073",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3193",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. OpenSSL is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-10-27-1 Xcode 8.1\n\nXcode 8.1 is now available and addresses the following:\n\nIDE Xcode Server\nAvailable for:  OS X El Capitan v10.11.5 and later\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: Multiple issues existed in Node.js in Xcode Server. \nThese issues were addressed by updating to Node.js version 4.5.0. \nCVE-2016-1669\nCVE-2016-0705\nCVE-2016-0797\nCVE-2016-0702\nCVE-2016-2086\nCVE-2016-2216\nCVE-2015-8027\nCVE-2015-3193\nCVE-2015-3194\nCVE-2015-6764\n\nXcode 8.1 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"8.1\". ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nGuy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange\nfor an anonymous DH ciphersuite with the value of p set to 0. A remote\nattacker could possibly use this issue to cause OpenSSL to crash, resulting\nin a denial of service. A remote\nattacker could possibly use this issue to break encryption. (CVE-2015-3193)\n\nLo=C3=AFc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1\nsignatures with a missing PSS parameter. A remote attacker could possibly\nuse this issue to cause OpenSSL to crash, resulting in a denial of service. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. A remote attacker could possibly use this issue\nto cause OpenSSL to consume resources, resulting in a denial of service. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. A\nremote attacker could possibly use this issue to cause OpenSSL to crash,\nresulting in a denial of service. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2830-1\n  CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3195,\n  CVE-2015-3196\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJYrLMnAAoJELXhAxt7SZaiF8wH/3YruymhIoADdbuMZwr+LWqo\nFC2sM1bBsBSOc1sUJCjMqyIlHqXhugsz2SnMqkhyVL+icWrpj7DoH0JYAOfVW8sN\nnJqBmv+p16bIWeNEhOouSzzvxaXgcA8YtnEKTbPqi2wzvi4slUVzN3mHFa0BbgrO\nqvgr2UNU1V9SFxj1VA0BkJqXrinu7YmWyIl1VeccZJQX0LI9DIkgIKcYqU88E7jC\nCAd/P8CBwQvj0+hfYSysab5U1I1exk0rUXcX3Wmp/56LbgT5jrGjx6O9cvFZyE5O\nBi/Xlu/GDBa6pw3kZsPEH5dqohLFFA0R7ayvg7f4ggfrskWrQn8c7RgogVw2FLs=\n=yvIR\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  This update fixes the following security issues:\n  BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193). \n  X509_ATTRIBUTE memory leak (CVE-2015-3195). \n  Race condition handling PSK identify hint (CVE-2015-3196). \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nOpenSSL Security Advisory [26 Jan 2017]\n========================================\n\nTruncated packet could crash via OOB read (CVE-2017-3731)\n=========================================================\n\nSeverity: Moderate\n\nIf an SSL/TLS server or client is running on a 32-bit host, and a specific\ncipher is being used, then a truncated packet can cause that server or client\nto perform an out-of-bounds read, usually resulting in a crash. \n\nFor OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305;\nusers should upgrade to 1.1.0d\n\nFor Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have\nnot disabled that algorithm should update to 1.0.2k\n\nThis issue was reported to OpenSSL on 13th November 2016 by Robert \u015awi\u0119cki of\nGoogle. The fix was developed by Andy Polyakov of the OpenSSL development team. \n\nBad (EC)DHE parameters cause a client crash (CVE-2017-3730)\n===========================================================\n\nSeverity: Moderate\n\nIf a malicious server supplies bad parameters for a DHE or ECDHE key exchange\nthen this can result in the client attempting to dereference a NULL pointer\nleading to a client crash. This could be exploited in a Denial of Service\nattack. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0d\n\nThis issue does not affect OpenSSL version 1.0.2. \n\nNote that this issue was fixed prior to it being recognised as a security\nconcern. This means the git commit with the fix does not contain the CVE\nidentifier. The relevant fix commit can be identified by commit hash efbe126e3. \n\nThis issue was reported to OpenSSL on 14th January 2017 by Guido Vranken. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. \n\nUPDATE 31 Jan 2017.  The original text said\n    For example this can occur by\n    default in OpenSSL DHE based SSL/TLS ciphersuites. \nThis is not true.  DHE key re-use was removed by commit c5b831f for 1.0.2\nor commit ffaef3f for 1.1.0 on 17 December 2015\n\nNote: This issue is very similar to CVE-2015-3193 but must be treated as\na separate problem. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0d\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\nThis issue was reported to OpenSSL on 15th January 2017 by the OSS-Fuzz project. \nThe fix was developed by Andy Polyakov of the OpenSSL development team. \n\nMontgomery multiplication may produce incorrect results (CVE-2016-7055)\n=======================================================================\n\nSeverity: Low\n\nThis issue was previously fixed in 1.1.0c and covered in security advisory\nhttps://www.openssl.org/news/secadv/20161110.txt\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2k\n\n\nNote\n====\n\nSupport for version 1.0.1 ended on 31st December 2016. Support for versions\n0.9.8 and 1.0.0 ended on 31st December 2015. Those versions are no longer\nreceiving security updates. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20170126.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \nOpenSSL Security Advisory [07 Dec 2017]\n========================================\n\nRead/write after SSL object in error state (CVE-2017-3737)\n==========================================================\n\nSeverity: Moderate\n\nOpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\"\nmechanism. The intent was that if a fatal error occurred during a handshake then\nOpenSSL would move into the error state and would immediately fail if you\nattempted to continue the handshake. This works as designed for the explicit\nhandshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),\nhowever due to a bug it does not work correctly if SSL_read() or SSL_write() is\ncalled directly. In that scenario, if the handshake fails then a fatal error\nwill be returned in the initial function call. If SSL_read()/SSL_write() is\nsubsequently called by the application for the same SSL object then it will\nsucceed and the data is passed without being decrypted/encrypted directly from\nthe SSL/TLS record layer. \n\nIn order to exploit this issue an application bug would have to be present that\nresulted in a call to SSL_read()/SSL_write() being issued after having already\nreceived a fatal error. \n\nThis only affects processors that support the AVX2 but not ADX extensions\nlike Intel Haswell (4th generation). \n\nDue to the low severity of this issue we are not issuing a new release of\nOpenSSL 1.1.0 at this time. The issue was originally found via the OSS-Fuzz project. \nOpenSSL Security Advisory [27 Mar 2018]\n========================================\n\nConstructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)\n==========================================================================================\n\nSeverity: Moderate\n\nConstructed ASN.1 types with a recursive definition (such as can be found in\nPKCS7) could eventually exceed the stack given malicious input with\nexcessive recursion. There are\nno such structures used within SSL/TLS that come from untrusted sources so this\nis considered safe. \nThis allows an attacker to forge messages that would be considered as\nauthenticated in an amount of tries lower than that guaranteed by the security\nclaims of the scheme. The module can only be compiled by the HP-UX assembler, so\nthat only HP-UX PA-RISC targets are affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "78705",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.7
      },
      {
        "db": "ISC",
        "id": "AA-01438",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4325",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3193",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139380",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169655",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169626",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "id": "VAR-201512-0482",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43503637333333334
  },
  "last_update_date": "2024-07-04T21:07:09.468000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL\u0027BN_mod_exp\u0027 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58935"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-37] openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-37"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201701-36] lib32-openssl: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201701-36"
      },
      {
        "title": "Red Hat: CVE-2015-3193",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3193"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=525e4e31765e47b9e53b24e880af9d6e"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "bignum-fuzz",
        "trust": 0.1,
        "url": "https://github.com/hannob/bignum-fuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3193 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2017-3732 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2017-3738 "
      },
      {
        "title": "fuzzing-stuff",
        "trust": 0.1,
        "url": "https://github.com/alphaseclab/fuzzing-stuff "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/imhunterand/hackerone-publicy-disclosed "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/aravindb26/new.txt "
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.7,
        "url": "https://blog.fuzzing-project.org/31-fuzzing-math-miscalculations-in-openssls-bn_mod_exp-cve-2015-3193.html"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288317"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.539966"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "https://kb.isc.org/article/aa-01438"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78705"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d73cc256c8e256c32ed959456101b73ba9842f72"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/pages/node/1106811"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4325/"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982608"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.3,
        "url": "https://www.openssl.org/policies/secpolicy.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3732"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0701"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3738"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3736"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/hannob/bignum-fuzz"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42528"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2086"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8027"
      },
      {
        "trust": 0.1,
        "url": "https://developer.apple.com/xcode/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6764"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1669"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20161110.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-7055"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20170126.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3731"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3730"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20171207.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3737"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20180327.txt"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0733"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "db": "BID",
        "id": "78705"
      },
      {
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78705"
      },
      {
        "date": "2016-10-28T12:22:22",
        "db": "PACKETSTORM",
        "id": "139380"
      },
      {
        "date": "2015-12-07T16:36:58",
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2017-01-26T12:12:12",
        "db": "PACKETSTORM",
        "id": "169650"
      },
      {
        "date": "2017-12-07T12:12:12",
        "db": "PACKETSTORM",
        "id": "169655"
      },
      {
        "date": "2018-03-27T12:12:12",
        "db": "PACKETSTORM",
        "id": "169626"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "date": "2015-12-06T20:59:02.613000",
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3193"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "78705"
      },
      {
        "date": "2023-02-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      },
      {
        "date": "2023-02-13T00:47:51.587000",
        "db": "NVD",
        "id": "CVE-2015-3193"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 BN_mod_exp Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-073"
      }
    ],
    "trust": 0.6
  }
}

var-202203-0910
Vulnerability from variot

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. FortiManager There is a vulnerability related to information leakage.Information may be obtained. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet fortimanager has an access control error vulnerability, which is caused by improper access restrictions. Local users can view FortiGate user credentials through configuration conflict files

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0910",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "cve": "CVE-2022-22303",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-22303",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-410857",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.1,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22303",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22303",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-22303",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-027",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-410857",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22303",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file. FortiManager There is a vulnerability related to information leakage.Information may be obtained. Fortinet FortiGate is a network security platform developed by Fortinet. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet fortimanager has an access control error vulnerability, which is caused by improper access restrictions. Local users can view FortiGate user credentials through configuration conflict files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22303",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030123",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0860",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18532",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-410857",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "id": "VAR-202203-0910",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T22:59:40.860000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-165",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-165"
      },
      {
        "title": "Fortinet FortiGate Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184549"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-rce "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "information leak (CWE-200) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-21-165"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22303"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0860"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22303/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030123"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-information-disclosure-via-config-conflict-file-cleartext-password-37682"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "date": "2022-03-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "date": "2023-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "date": "2022-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "date": "2022-03-02T10:15:08.037000",
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410857"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22303"
      },
      {
        "date": "2023-07-12T07:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      },
      {
        "date": "2022-03-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      },
      {
        "date": "2022-03-10T15:21:23.030000",
        "db": "NVD",
        "id": "CVE-2022-22303"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007129"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-027"
      }
    ],
    "trust": 0.6
  }
}

var-202109-0400
Vulnerability from variot

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. FortiManager has a security vulnerability that stems from improper authentication in FortiManager

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0400",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.4",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      }
    ]
  },
  "cve": "CVE-2021-24017",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-382735",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-24017",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-24017",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-24017",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-367",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-382735",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-24017",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. FortiManager has a security vulnerability that stems from improper authentication in FortiManager",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-24017",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3003",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021090808",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-05869",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-382735",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "id": "VAR-202109-0400",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:48:44.253000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fortinet FortiManager Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=162229"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-189"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24017"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3003"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-read-write-access-via-p-o-module-assignment-36335"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021090808"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "date": "2021-09-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "date": "2021-09-30T16:15:07.410000",
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382735"
      },
      {
        "date": "2021-10-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24017"
      },
      {
        "date": "2021-10-08T03:12:18.733000",
        "db": "NVD",
        "id": "CVE-2021-24017"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-367"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pillow Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202301-0259
Vulnerability from variot

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. FortiManager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202301-0259",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.6  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      }
    ]
  },
  "cve": "CVE-2022-45857",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 5.3,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.7,
            "impactScore": 5.3,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-45857",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-45857",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-45857",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202301-168",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. FortiManager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45857"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-45857",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2023.0065",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-443665",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45857",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "id": "VAR-202301-0259",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-443665"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:16:58.395000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-371",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-22-371"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=221067"
      },
      {
        "title": "Fortinet Security Advisories: FortiManager - Incorrect user management behavior leads to passwordless admin",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories\u0026qid=fg-ir-22-371"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-45857 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "https://fortiguard.com/psirt/fg-ir-22-371"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-45857"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-privilege-escalation-via-passwordless-admin-40219"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2023.0065"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-45857/"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2022-45857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "date": "2023-04-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "date": "2023-01-05T08:15:08.800000",
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "date": "2023-01-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-01-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-443665"
      },
      {
        "date": "2023-01-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-45857"
      },
      {
        "date": "2023-04-12T02:22:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      },
      {
        "date": "2023-11-07T03:54:53.863000",
        "db": "NVD",
        "id": "CVE-2022-45857"
      },
      {
        "date": "2023-01-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-001491"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202301-168"
      }
    ],
    "trust": 0.6
  }
}

var-202112-0338
Vulnerability from variot

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202112-0338",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiportal",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiproxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortirecorder",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortios-6k7k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.2"
      },
      {
        "model": "fortiproxy",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.0.0"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.1"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.7"
      },
      {
        "model": "fortimail",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortiweb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortirecorder",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.2"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortiswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortivoice",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortios-6k7k",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortiswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortiportal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortiadc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortios-6k7k",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortivoice",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortiadc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.1.5"
      },
      {
        "model": "fortiproxy",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortiweb",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.3.16"
      },
      {
        "model": "fortiadc",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.13"
      },
      {
        "model": "fortivoice",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.10"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortindr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.5.2"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.6.0"
      },
      {
        "model": "fortivoice",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortirecorder",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortindr",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "1.1.0"
      },
      {
        "model": "fortiproxy",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "2.0.7"
      },
      {
        "model": "fortiadc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimail",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortios",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.2",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios-6k7k:6.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios-6k7k:6.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.3.16",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.0.7",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortindr:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.5.2",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.4",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortivoice:*:*:*:*:entreprise:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.10",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.9",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.2",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortirecorder_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.10",
                "versionStartIncluding": "2.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortios-6k7k:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.2",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1.5",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.10",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.7",
                "versionStartIncluding": "5.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.13",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "cve": "CVE-2021-42757",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-42757",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-403819",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-016008",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-42757",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-42757",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202112-559",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-403819",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-42757",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-403819",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "id": "VAR-202112-0338",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      }
    ],
    "trust": 0.30833333
  },
  "last_update_date": "2024-01-19T23:27:43.537000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-173",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-173"
      },
      {
        "title": "Fortinet FortiOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=173877"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-120",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-21-173"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-42757"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-buffer-overflow-via-tftp-client-library-37026"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "date": "2022-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "date": "2021-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "date": "2021-12-08T11:15:11.840000",
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-403819"
      },
      {
        "date": "2022-12-05T06:18:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      },
      {
        "date": "2021-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      },
      {
        "date": "2024-01-18T15:48:06.043000",
        "db": "NVD",
        "id": "CVE-2021-42757"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiOS\u00a0 of \u00a0TFTP\u00a0 client library and \u00a0FortiOS\u00a0 Classic buffer overflow vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-016008"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202112-559"
      }
    ],
    "trust": 0.6
  }
}

var-202207-0069
Vulnerability from variot

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as root user via diagnose system CLI commands. Fortinet FortiManager and FortiAnalyzer for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. An operating system command injection vulnerability exists in Fortinet FortiManager and FortiAnalyzer due to incorrect default permissions on files and folders set by the application. An attacker could exploit this vulnerability to elevate privileges

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0069",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      }
    ]
  },
  "cve": "CVE-2022-27483",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2022-015700",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-27483",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-27483",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2022-015700",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-390",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands. Fortinet FortiManager and FortiAnalyzer for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. An operating system command injection vulnerability exists in Fortinet FortiManager and FortiAnalyzer due to incorrect default permissions on files and folders set by the application. An attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27483"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-27483",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022070535",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-418123",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27483",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "id": "VAR-202207-0069",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:06:38.842000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-22-049",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-22-049"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201664"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-22-049"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27483"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortianalyzer-fortimanager-code-execution-via-diagnose-system-38736"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-27483/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022070535"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-27483"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27483"
      },
      {
        "date": "2023-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "date": "2022-07-19T14:15:08.500000",
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "date": "2022-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-418123"
      },
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-27483"
      },
      {
        "date": "2023-09-28T07:53:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      },
      {
        "date": "2022-07-27T07:18:54.910000",
        "db": "NVD",
        "id": "CVE-2022-27483"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet\u00a0FortiManager\u00a0 and \u00a0FortiAnalyzer\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-015700"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-390"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0655
Vulnerability from variot

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. FortiManager and FortiAnalyser Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data in the FortiManager and FortiAnalyzer user interfaces. A remote attacker could exploit this vulnerability to trick a victim into clicking a specially crafted link on a vulnerable website and execute arbitrary HTML and script code in the user's browser. A disclosed vulnerability could allow a remote attacker to perform a cross-site scripting attack

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0655",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.7  and earlier"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.5  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      }
    ]
  },
  "cve": "CVE-2021-32597",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-32597",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-392569",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.1,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-32597",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32597",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-32597",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-352",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392569",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32597",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. FortiManager and  FortiAnalyser Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have a cross-site scripting vulnerability that stems from insufficient sanitization of user-supplied data in the FortiManager and FortiAnalyzer user interfaces. A remote attacker could exploit this vulnerability to trick a victim into clicking a specially crafted link on a vulnerable website and execute arbitrary HTML and script code in the user\u0027s browser. A disclosed vulnerability could allow a remote attacker to perform a cross-site scripting attack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32597",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080318",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392569",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "id": "VAR-202108-0655",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:58:59.988000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-054",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-054"
      },
      {
        "title": "Fortinet FortiManager  and  Fortinet FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158601"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-054"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32597"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080318"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-cross-site-scripting-36041"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "date": "2022-05-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "date": "2021-08-06T11:15:07.547000",
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392569"
      },
      {
        "date": "2021-08-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32597"
      },
      {
        "date": "2022-05-13T08:37:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      },
      {
        "date": "2021-08-13T17:11:39.617000",
        "db": "NVD",
        "id": "CVE-2021-32597"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-352"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 and \u00a0FortiAnalyser\u00a0 Cross-site Scripting Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009620"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202009-0093
Vulnerability from variot

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data in WEB applications. An attacker could exploit this vulnerability to execute client code

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202009-0093",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.6"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.6",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      }
    ]
  },
  "cve": "CVE-2020-12811",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-165527",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-12811",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202009-1256",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-165527",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data in WEB applications. An attacker could exploit this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-12811",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3210",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-165527",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "id": "VAR-202009-0093",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:12:51.083000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager  and FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=129276"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-20-005"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12811"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-fortianalyzer-cross-site-scripting-via-identify-provider-name-33367"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3210/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "date": "2020-09-24T18:15:16.887000",
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "date": "2020-09-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-165527"
      },
      {
        "date": "2020-09-30T19:18:09.800000",
        "db": "NVD",
        "id": "CVE-2020-12811"
      },
      {
        "date": "2020-10-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager and FortiAnalyzer Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202009-1256"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0498
Vulnerability from variot

The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make all the necessary changes. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision


stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:1115-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1115.html Issue date: 2015-06-15 CVE Names: CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Böck as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Käsper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time 1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent 1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function 1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.11.ppc.rpm openssl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.11.s390.rpm openssl-1.0.1e-30.el6_6.11.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-devel-1.0.1e-30.el6_6.11.s390.rpm openssl-devel-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-static-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-perl-1.0.1e-30.el6_6.11.s390x.rpm openssl-static-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

ppc64: openssl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-1.0.1e-42.el7_1.8.s390x.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-devel-1.0.1e-42.el7_1.8.s390.rpm openssl-devel-1.0.1e-42.el7_1.8.s390x.rpm openssl-libs-1.0.1e-42.el7_1.8.s390.rpm openssl-libs-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.ael7b_1.8.src.rpm

ppc64le: openssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-static-1.0.1e-42.el7_1.8.ppc.rpm openssl-static-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-perl-1.0.1e-42.el7_1.8.s390x.rpm openssl-static-1.0.1e-42.el7_1.8.s390.rpm openssl-static-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-1789 https://access.redhat.com/security/cve/CVE-2015-1790 https://access.redhat.com/security/cve/CVE-2015-1791 https://access.redhat.com/security/cve/CVE-2015-1792 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150611.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk ZyXizCcFL9oAQexObjxp/Mo= =PXiY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. 5 client) - i386, x86_64

  1. (CVE-2015-1790)

A flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The fix was developed by Matt Caswell of the OpenSSL development team. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0498",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "sparc-opl service processor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "ip38x/5000",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.25 and earlier"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "ip38x/3500",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "(sparc enterprise m3000/m4000/m5000/m8000/m9000 server )"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "ip38x/810",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "xcp",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "ip38x/1210",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "all revisions"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "8.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "sparc-opl service processor",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.25"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cms r16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.03"
      },
      {
        "model": "i v5r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "screenos 6.3.0r19",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.124"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.22"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.38"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.21"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.214"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4.4.04"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.24"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.41"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.62"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "qradar siem mr2 patch ifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.110"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1121"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.23"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cognos insight standard edition fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.24"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mysql server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "sterling connect:enterprise for unix ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.37"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sparc-opl_service_processor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1121",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Robert Swiecki(Google) and Hanno B\u0026amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;ouml;ck.",
    "sources": [
      {
        "db": "BID",
        "id": "75156"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1789",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1789",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1789",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1789",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-245",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1789",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. ============================================================================\nUbuntu Security Notice USN-2639-1\nJune 11, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.4\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.8\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.15\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.31\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:1115-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1115.html\nIssue date:        2015-06-15\nCVE Names:         CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 \n                   CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a DTLS\nserver or client using OpenSSL to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. (CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL. This\nissue could possibly cause a multi-threaded TLS/SSL client using OpenSSL\nto double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax\n(CMS) messages. A CMS message with an unknown hash function identifier\ncould cause an application using OpenSSL to enter an infinite loop. \n(CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash. \n(CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan\nFratric as the original reporters of CVE-2014-8176, Robert Swiecki and\nHanno B\u00f6ck as the original reporters of CVE-2015-1789, Michal Zalewski as\nthe original reporter of CVE-2015-1790, Emilia K\u00e4sper as the original\nreport of  CVE-2015-1791 and Johannes Bauer as the original reporter of\nCVE-2015-1792. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time\n1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent\n1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function\n1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nppc64:\nopenssl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.ael7b_1.8.src.rpm\n\nppc64le:\nopenssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8176\nhttps://access.redhat.com/security/cve/CVE-2015-1789\nhttps://access.redhat.com/security/cve/CVE-2015-1790\nhttps://access.redhat.com/security/cve/CVE-2015-1791\nhttps://access.redhat.com/security/cve/CVE-2015-1792\nhttps://access.redhat.com/security/cve/CVE-2015-3216\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk\nZyXizCcFL9oAQexObjxp/Mo=\n=PXiY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. 5 client) - i386, x86_64\n\n3. \n(CVE-2015-1790)\n\nA flaw was found in the way the TLS protocol composes the Diffie-Hellman \n(DH) key exchange. (CVE-2015-4000)\n\nNote: This update forces the TLS/SSL client implementation in OpenSSL to \nreject DH key sizes below 768 bits, which prevents sessions to be \ndowngraded to export-grade keys. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The\nfix was developed by Matt Caswell of the OpenSSL development team. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1789",
        "trust": 3.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "75156",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132313",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "id": "VAR-201506-0498",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-04T22:03:03.877000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Fix length checks in X509_cmp_time to avoid out-of-bounds reads.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "HPSBHF03613",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1789",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1789"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1789 "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/khadas/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/yaap/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroid-r/external_honggfuzz "
      },
      {
        "title": "tab_pie_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/credenceid/tab_pie_external_honggfuzz "
      },
      {
        "title": "platform_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/dennissimos/platform_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/swordphoenix/external_honggfuzz "
      },
      {
        "title": "platform_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/aosp-caf-upstream/platform_external_honggfuzz "
      },
      {
        "title": "honggfuzz_READ",
        "trust": 0.1,
        "url": "https://github.com/imbaya2466/honggfuzz_read "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/bananadroid/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/forklineageos/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/thexperienceproject/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/random-aosp-stuff/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/wave-project/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/project-1ce/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/jingpad-bsp/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/crdroidandroid/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/statixos/android_external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/caf-extended/external_honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/ozone-os/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/corvus-r/android_external_honggfuzz "
      },
      {
        "title": "external-honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard2-android/external-honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkeredger-android/external_honggfuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/ep-infosec/50_google_honggfuzz "
      },
      {
        "title": "lllnx",
        "trust": 0.1,
        "url": "https://github.com/lllnx/lllnx "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard2-android/external_honggfuzz "
      },
      {
        "title": "external-honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/tinkerboard-android/external-honggfuzz "
      },
      {
        "title": "external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/havocr/external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp-platina/android_external_honggfuzz "
      },
      {
        "title": "android_external_honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/protonaosp/android_external_honggfuzz "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/tomoms/android_external_honggfuzz "
      },
      {
        "title": "honggfuzz",
        "trust": 0.1,
        "url": "https://github.com/google/honggfuzz "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/75156"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/f48b83b4fb7d6689584cf25f61ca63a4891f5b11"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:1115"
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228603"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2015:1197"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101013879"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012550"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=swg21903425"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "db": "BID",
        "id": "75156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75156"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-11T23:39:03",
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-15T23:37:59",
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-07-01T02:01:05",
        "db": "PACKETSTORM",
        "id": "132508"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "date": "2015-06-12T19:59:02.507000",
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1789"
      },
      {
        "date": "2017-05-02T01:08:00",
        "db": "BID",
        "id": "75156"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      },
      {
        "date": "2023-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      },
      {
        "date": "2023-02-13T00:46:47.770000",
        "db": "NVD",
        "id": "CVE-2015-1789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/x509/x509_vfy.c of  X509_cmp_time Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003081"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-245"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0835
Vulnerability from variot

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. FortiManager Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. An attacker could exploit this vulnerability to elevate privileges

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0835",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.10",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.1",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3613",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3613",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81574",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3613",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3613",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-057",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81574",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page. FortiManager Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. An attacker could exploit this vulnerability to elevate privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3613",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-07201",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81574",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "id": "VAR-202002-0835",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.576000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0FortiManager",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110665"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3613"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "date": "2020-02-04T20:15:11.497000",
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "date": "2020-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81574"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      },
      {
        "date": "2020-02-05T21:17:13.417000",
        "db": "NVD",
        "id": "CVE-2015-3613"
      },
      {
        "date": "2020-03-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerabilities in permissions management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008561"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-057"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0656
Vulnerability from variot

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. FortiManager and FortiAnalyser GUI Has HTTP A vulnerability exists in Request Smuggling.Information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Injection vulnerabilities exist in Fortinet FortiManager and Fortinet FortiAnalyzer. The vulnerability is caused by incorrect handling of CRLF character sequences in the FortiManager and FortiAnalyzer GUI. A remote user can send a special request containing a CRLF sequence and have the application send a fragmented HTTP response

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0656",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.6.11  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.6  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.8  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.11  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      }
    ]
  },
  "cve": "CVE-2021-32598",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-32598",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-392570",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-32598",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32598",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-32598",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-340",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392570",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32598",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper neutralization of CRLF sequences in HTTP headers (\u0027HTTP Response Splitting\u0027) vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. FortiManager and  FortiAnalyser GUI Has HTTP A vulnerability exists in Request Smuggling.Information may be tampered with. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Injection vulnerabilities exist in Fortinet FortiManager and Fortinet FortiAnalyzer. The vulnerability is caused by incorrect handling of CRLF character sequences in the FortiManager and FortiAnalyzer GUI. A remote user can send a special request containing a CRLF sequence and have the application send a fragmented HTTP response",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32598",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080318",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392570",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "id": "VAR-202108-0656",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:08:21.930000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-063",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-063"
      },
      {
        "title": "Fortinet FortiManager  and Fortinet FortiAnalyzer Remediation measures for environmental problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159850"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-444",
        "trust": 1.1
      },
      {
        "problemtype": "HTTP Request Smuggling (CWE-444) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-063"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32598"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080318"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-http-response-splitting-36043"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/444.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "date": "2022-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "date": "2021-08-05T11:15:07.417000",
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392570"
      },
      {
        "date": "2021-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32598"
      },
      {
        "date": "2022-05-18T02:49:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      },
      {
        "date": "2021-08-12T19:30:55.813000",
        "db": "NVD",
        "id": "CVE-2021-32598"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-340"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 and \u00a0FortiAnalyser\u00a0GUI\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009724"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0485
Vulnerability from variot

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. ============================================================================ Ubuntu Security Notice USN-2830-1 December 07, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.10
  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only applied to Ubuntu 15.10. (CVE-2015-3194)

Adam Langley discovered that OpenSSL incorrectly handled malformed X509_ATTRIBUTE structures. (CVE-2015-3195)

It was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: libssl1.0.0 1.0.2d-0ubuntu1.2

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.5

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.16

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.32

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

  1. Summary:

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier.

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194)

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0485",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "icewall sso",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "5.0.13"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "4.3.35"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.10"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.4"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "project openssl 1.0.0t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.17"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.62"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "10.1-release-p25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "icewall sso certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso:10.0:*:*:*:certd:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0s:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.35",
                "versionStartIncluding": "4.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.13",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dr. Stephen Henson of the OpenSSL development team",
    "sources": [
      {
        "db": "BID",
        "id": "78622"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3196",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3196",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3196",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-076",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3196",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. ============================================================================\nUbuntu Security Notice USN-2830-1\nDecember 07, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. This issue only applied to Ubuntu 15.10. This issue only\napplied to Ubuntu 15.10. \n(CVE-2015-3194)\n\nAdam Langley discovered that OpenSSL incorrectly handled malformed\nX509_ATTRIBUTE structures. \n(CVE-2015-3195)\n\nIt was discovered that OpenSSL incorrectly handled PSK identity hints. This issue only applied to Ubuntu 12.04\nLTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  libssl1.0.0                     1.0.2d-0ubuntu1.2\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.5\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.16\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.32\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. \n\nCertificate verify crash with missing PSS parameter (CVE-2015-3194)\n===================================================================\n\nSeverity: Moderate\n\nThe signature verification routines will crash with a NULL pointer dereference\nif presented with an ASN.1 signature using the RSA PSS algorithm and absent\nmask generation function parameter. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3196",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "78622",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.7
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076",
        "trust": 0.6
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134652",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "id": "VAR-201512-0485",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.43503637333333334
  },
  "last_update_date": "2024-07-23T21:00:45.295000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "Fix PSK handling.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "title": "Race condition handling PSK identify hint (CVE-2015-3196)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "OpenSSL Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58938"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3196",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3196"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 2.1,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.7,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78622"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=3c66a669dfc7b3792f7af0758ea26fe8502ce70c"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288326"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/dec/23"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981612"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42531"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2d-0ubuntu1.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.32"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "db": "BID",
        "id": "78622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2015-12-07T16:36:58",
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2015-12-14T16:39:59",
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2015-12-06T20:59:06.913000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3196"
      },
      {
        "date": "2017-12-19T22:01:00",
        "db": "BID",
        "id": "78622"
      },
      {
        "date": "2016-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      },
      {
        "date": "2023-11-07T02:25:31.830000",
        "db": "NVD",
        "id": "CVE-2015-3196"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "134652"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/s3_clnt.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006117"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-076"
      }
    ],
    "trust": 0.6
  }
}

var-202109-0399
Vulnerability from variot

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. FortiManager has a security vulnerability that stems from improper authentication in FortiManager. An attacker could exploit this vulnerability to assign or unassign a global policy package to the flatui/json module via a POST request

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0399",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.4",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      }
    ]
  },
  "cve": "CVE-2021-24016",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-382734",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.3,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.7,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-24016",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-24016",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-366",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-382734",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. FortiManager has a security vulnerability that stems from improper authentication in FortiManager. An attacker could exploit this vulnerability to assign or unassign a global policy package to the flatui/json module via a POST request",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24016"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-24016",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3003",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021090809",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-05868",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-382734",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24016",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24016"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "id": "VAR-202109-0399",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:06:37.919000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fortinet FortiManager Fixes for code injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=165669"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1236",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-190"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24016"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3003"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-code-execution-via-p-o-ipv4-policy-names-excel-formula-injection-36336"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021090809"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24016"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24016"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "date": "2021-09-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24016"
      },
      {
        "date": "2021-09-30T16:15:07.350000",
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382734"
      },
      {
        "date": "2021-09-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24016"
      },
      {
        "date": "2021-10-08T03:22:19.737000",
        "db": "NVD",
        "id": "CVE-2021-24016"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-10-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-366"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pillow Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201807-0298
Vulnerability from variot

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Fortinet FortiManager and FortiAnalyzer Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager and FortiAnalyzer are prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following products are affected: FortiManager 6.0.0, 5.6.4 and prior FortiAnalyzer 6.0.0, 5.6.4 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. Cross-site scripting vulnerabilities exist in Fortinet FortiManager 6.0.0, 5.6.4 and earlier versions and FortiAnalyzer 6.0.0, 5.6.4 and earlier versions

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0298",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hassan Kooshkaki and Farid Heydari.",
    "sources": [
      {
        "db": "BID",
        "id": "105129"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-17541",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-17541",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-108574",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-17541",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-17541",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-458",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-108574",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. Fortinet FortiManager and FortiAnalyzer Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager and FortiAnalyzer are prone to an HTML-injection vulnerability because it fails to properly  sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nThe following products are affected:\nFortiManager 6.0.0, 5.6.4 and prior\nFortiAnalyzer 6.0.0, 5.6.4 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. Cross-site scripting vulnerabilities exist in Fortinet FortiManager 6.0.0, 5.6.4 and earlier versions and FortiAnalyzer 6.0.0, 5.6.4 and earlier versions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "BID",
        "id": "105129"
      },
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-17541",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1041246",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1041247",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "105129",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-108574",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "db": "BID",
        "id": "105129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "id": "VAR-201807-0298",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:28:51.045000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-305",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-17-305"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-17-305"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1041246"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1041247"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17541"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17541"
      },
      {
        "trust": 0.3,
        "url": "https://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-17-305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "db": "BID",
        "id": "105129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "db": "BID",
        "id": "105129"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "date": "2018-07-05T00:00:00",
        "db": "BID",
        "id": "105129"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "date": "2018-07-16T20:29:00.270000",
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-108574"
      },
      {
        "date": "2018-07-05T00:00:00",
        "db": "BID",
        "id": "105129"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      },
      {
        "date": "2018-09-12T19:22:27.007000",
        "db": "NVD",
        "id": "CVE-2017-17541"
      },
      {
        "date": "2018-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014053"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-458"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0496
Vulnerability from variot

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. OpenSSL is prone to a race-condition security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04760669

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04760669 Version: 1

HPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2 L90AnAgGXxSCZgBVzDQCAezbHbrHPwtg =74KM -----END PGP SIGNATURE----- .

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security as well as a general purpose cryptography library.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

.

References:

  • CVE-2014-8176 - Remote Denial of Service (DoS)
  • CVE-2015-1788 - Remote Denial of Service (DoS)
  • CVE-2015-1789 - Remote Denial of Service (DoS)
  • CVE-2015-1790 - Remote Denial of Service (DoS)
  • CVE-2015-1791 - Remote Denial of Service (DoS)
  • CVE-2015-1792 - Remote Denial of Service (DoS)
  • CVE-2015-1793 - Remote Unauthorized Access
  • PSRT110158, SSRT102264

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Please refer to the RESOLUTION below for a list of impacted products.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P23
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2514P10
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: R2514P10
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P01
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P01
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P01
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1809P11
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P17
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P19
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P20
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P20
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1516
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P14
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2-48 (Comware 5) - Version: R2110P06
    • HP Network Products
    • JG315A HP 3100-48 v2 Switch
    • JG315B HP 3100-48 v2 Switch
  • HP870 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P46
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P46
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P46
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P46
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: R3181P07
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: R3734P08
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: R3811P05
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: R3820P06
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC165A) HP 6600 RPE-X1 Router Module
    • JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC176A) HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1111
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1109
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1516
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1108
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7376
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7170
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1138P01
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0305P04
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0321P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2138P01
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 5700 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2422P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P05
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3109P16
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7170
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit

iMC Products

  • iMC Plat - Version: iMC Plat 7.1 E0303P16
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU
    • JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU
    • JG659AAE HP IMC Smart Connect VAE E-LTU
    • JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU
    • JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • iMC NSM - Version: iMC WSM 7.1 E0303P10
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.18
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

HISTORY Version:1 (rev.1) - 5 July 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 5.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.63"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "6.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle secure global desktop 4.71"
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.0"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "8.0"
      },
      {
        "model": "enterprisedirectoryserver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "communications session border controller scz7.4.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communications session border controller scz7.3.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.6"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4.2"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.01"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.5.0"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.07"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "qradar siem mr2 patch ifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.110"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.07"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.21"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.26"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.03"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "smartcloud entry appliance fp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.19"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.41"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "rational developer for aix and linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.62"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.212"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational clearcase",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2015-1791",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-1791",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1791",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-247",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1791",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier. OpenSSL is prone to a race-condition security vulnerability. \nThe impact of this issue is currently unknown. We will update this BID when more information emerges. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04760669\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04760669\nVersion: 1\n\nHPSBUX03388 SSRT102180 rev.1 - HP-UX running OpenSSL, Remote Disclosure of\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niEYEARECAAYFAlXCSD4ACgkQ4B86/C0qfVlKnQCg5XcK1amrTACEyDY3QtJF75u2\nL90AnAgGXxSCZgBVzDQCAezbHbrHPwtg\n=74KM\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer\nand Transport Layer Security as well as a general purpose cryptography\nlibrary. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. \n\nReferences:\n\n  - CVE-2014-8176 - Remote Denial of Service (DoS)\n  - CVE-2015-1788 - Remote Denial of Service (DoS)\n  - CVE-2015-1789 - Remote Denial of Service (DoS)\n  - CVE-2015-1790 - Remote Denial of Service (DoS)\n  - CVE-2015-1791 - Remote Denial of Service (DoS)\n  - CVE-2015-1792 - Remote Denial of Service (DoS)\n  - CVE-2015-1793 - Remote Unauthorized Access\n  - PSRT110158, SSRT102264\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\nPlease refer to the RESOLUTION\n below for a list of impacted products. \n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P23**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: R2514P10**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P01**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P01**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P01**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1809P11**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P17**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P19**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P20**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P14**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2-48 (Comware 5) - Version: R2110P06**\n    * HP Network Products\n      - JG315A HP 3100-48 v2 Switch\n      - JG315B HP 3100-48 v2 Switch\n  + **HP870 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P46**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P46**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P46**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: R3734P08**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: R3811P05**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: R3820P06**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC165A) HP 6600 RPE-X1 Router Module\n      - JG781A) HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC176A) HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P23-RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1111**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1109**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1516**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1108**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7376**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1138P01**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0305P04**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0321P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2138P01**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **5700 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2422P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P05**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3109P16**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7170**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n\n**iMC Products**\n\n  + **iMC Plat - Version: iMC Plat 7.1 E0303P16**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG550AAE  HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU\n      - JG590AAE  HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\n      - JG659AAE  HP IMC Smart Connect VAE E-LTU\n      - JG660AAE  HP IMC Smart Connect w/WLM VAE E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG766AAE  HP IMC SmCnct Vrtl Applnc SW E-LTU\n      - JG767AAE  HP IMC SmCnct WSM Vrtl Applnc SW E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **iMC iNode - Version: iNode PC 7.1 E0313, or, iNode PC 7.2 (E0401)**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC TAM_UAM - Version: iMC UAM_TAM 7.1 (E0307)**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **iMC NSM - Version: iMC WSM 7.1 E0303P10**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.18**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\nHISTORY\nVersion:1 (rev.1) - 5 July 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1791",
        "trust": 3.7
      },
      {
        "db": "BID",
        "id": "75161",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032479",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1791",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137772",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "id": "VAR-201506-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T19:41:24.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Fix race condition in NewSessionTicket",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1791",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1791"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/no-25-miner/vulseeker-master "
      },
      {
        "title": "FirmKit",
        "trust": 0.1,
        "url": "https://github.com/syssec-kaist/firmkit "
      },
      {
        "title": "BinSeeker",
        "trust": 0.1,
        "url": "https://github.com/buptssegj/binseeker "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-362",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 2.0,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/75161"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032479"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1791"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.5,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962775"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005376"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966723"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964441"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005373"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005434"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/362.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/no-25-miner/vulseeker-master"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/syssec-kaist/firmkit"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=47152"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?doci"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "db": "BID",
        "id": "75161"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75161"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2016-07-05T18:18:00",
        "db": "PACKETSTORM",
        "id": "137772"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "date": "2015-06-12T19:59:04.397000",
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1791"
      },
      {
        "date": "2017-05-23T16:28:00",
        "db": "BID",
        "id": "75161"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      },
      {
        "date": "2022-12-13T12:15:15.400000",
        "db": "NVD",
        "id": "CVE-2015-1791"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  ssl/s3_clnt.c of  ssl3_get_new_session_ticket Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003083"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "competition condition problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-247"
      }
    ],
    "trust": 0.6
  }
}

var-201708-0340
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3615",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3615",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-81576",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-3615",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3615",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-580",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81576",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3615",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37413",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81576",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "id": "VAR-201708-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.418000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-15-011",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73992"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3615"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3615"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37413"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "date": "2017-08-11T21:29:00.370000",
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81576"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      },
      {
        "date": "2017-08-26T01:29:00.333000",
        "db": "NVD",
        "id": "CVE-2015-3615"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007716"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-580"
      }
    ],
    "trust": 0.6
  }
}

var-201708-0342
Vulnerability from variot

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. Fortinet FortiManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0342",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3617",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3617",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-81578",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3617",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3617",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-1013",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81578",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. Fortinet FortiManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3617",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37450",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81578",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "id": "VAR-201708-0342",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.389000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-15-011",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74244"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3617"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3617"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37450"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "date": "2017-08-22T15:29:00.290000",
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81578"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      },
      {
        "date": "2017-08-29T14:42:25.447000",
        "db": "NVD",
        "id": "CVE-2015-3617"
      },
      {
        "date": "2017-08-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerabilities related to authorization, permissions, and access control",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007773"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-1013"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0672
Vulnerability from variot

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. FortiManager and FortiAnalyzer Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have an access control error vulnerability due to improper access restrictions. The vulnerability could allow a remote user to gain unauthorized access

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0672",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.8  and earlier"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.5  and earlier"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.11  and earlier"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.6.11  and earlier"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      }
    ]
  },
  "cve": "CVE-2021-32587",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-32587",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-392559",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-009597",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32587",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-32587",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-360",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392559",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32587",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration. FortiManager and  FortiAnalyzer Contains an improper authentication vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. FortiManager and FortiAnalyzer have an access control error vulnerability due to improper access restrictions. The vulnerability could allow a remote user to gain unauthorized access",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32587",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080318",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392559",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "id": "VAR-202108-0672",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:53:09.939000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-059",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-059"
      },
      {
        "title": "Fortinet FortiManager  and  Fortinet FortiAnalyzer Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158606"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "Bad authentication (CWE-863) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-059"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32587"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080318"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-administrators-account-list-36042"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "date": "2022-05-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "date": "2021-08-06T11:15:07.357000",
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392559"
      },
      {
        "date": "2021-08-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32587"
      },
      {
        "date": "2022-05-11T07:26:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      },
      {
        "date": "2022-06-28T14:11:45.273000",
        "db": "NVD",
        "id": "CVE-2021-32587"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-360"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 and \u00a0FortiAnalyzer\u00a0 Authentication Vulnerability in Microsoft",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009597"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201705-3163
Vulnerability from variot

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. An open redirection vulnerability exists in Fortinet FortiAnalyzer versions 5.4.0 through 5.4.2 and FortiManager versions 5.4.0 through 5.4.2

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3163",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.0 to  5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.0 to  5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "98557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ronan Dunne of Biocompatibles UK Ltd",
    "sources": [
      {
        "db": "BID",
        "id": "98557"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-3126",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-3126",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-111329",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-3126",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-3126",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201705-1287",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-111329",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. An open redirection vulnerability exists in Fortinet FortiAnalyzer versions 5.4.0 through 5.4.2 and FortiManager versions 5.4.0 through 5.4.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "BID",
        "id": "98557"
      },
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-3126",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1038540",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "98557",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1038539",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-111329",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "db": "BID",
        "id": "98557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "id": "VAR-201705-3163",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:19:46.850000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-17-014",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-17-014"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70601"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-17-014"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/98557"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038539"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038540"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3126"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3126"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038540"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "db": "BID",
        "id": "98557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "db": "BID",
        "id": "98557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-05-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "date": "2017-02-09T00:00:00",
        "db": "BID",
        "id": "98557"
      },
      {
        "date": "2017-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "date": "2017-05-27T00:29:00.973000",
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-111329"
      },
      {
        "date": "2017-02-09T00:00:00",
        "db": "BID",
        "id": "98557"
      },
      {
        "date": "2017-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      },
      {
        "date": "2017-07-08T01:29:11.803000",
        "db": "NVD",
        "id": "CVE-2017-3126"
      },
      {
        "date": "2017-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAnalyzer and  FortiManager Open redirect vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004538"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201705-1287"
      }
    ],
    "trust": 0.6
  }
}

var-202003-0840
Vulnerability from variot

An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. FortiManager Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A security vulnerability exists in Fortinet FortiManager versions 6.2.0 to 6.2.1 and versions 6.0.6 and earlier

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0840",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "6.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.0.6"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-17654",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015075",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-149922",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015075",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-17654",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015075",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-789",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-149922",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. FortiManager Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A security vulnerability exists in Fortinet FortiManager versions 6.2.0 to 6.2.1 and versions 6.0.6 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17654",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0507",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0510",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-149922",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "id": "VAR-202003-0840",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:04:49.643000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-191",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-19-191"
      },
      {
        "title": "Fortinet FortiManager Repair measures for data forgery problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=111188"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-345",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-19-191"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17654"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17654"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0507/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-information-disclosure-via-cross-site-websocket-hijacking-31602"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0510/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "date": "2020-03-15T23:15:11.407000",
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-03-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149922"
      },
      {
        "date": "2020-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      },
      {
        "date": "2020-03-19T20:15:35.033000",
        "db": "NVD",
        "id": "CVE-2019-17654"
      },
      {
        "date": "2020-03-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager Vulnerability in inadequate validation of data reliability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015075"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-789"
      }
    ],
    "trust": 0.6
  }
}

var-201505-0377
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiAnalyzer and FortiManager are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0377",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.0 to  5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.0 to  5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.3 to  5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.0 to  5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jared Haight, William Costa, and Benjamin Kunz Mejri (Vulnerability Laboratory, Evolution Security GmbH).",
    "sources": [
      {
        "db": "BID",
        "id": "74646"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3620",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3620",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-81581",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3620",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-031",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81581",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiAnalyzer and FortiManager are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "BID",
        "id": "74646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-81581",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3620",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "131766",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74646",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032262",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "64308",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81581",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "db": "BID",
        "id": "74646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "id": "VAR-201505-0377",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:20:53.667000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple products cross-site scripting vulnerabilities",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-005/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-005/"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/131766/fortinet-fortianalyzer-fortimanager-cross-site-scripting.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74646"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/535452/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2015/may/13"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032262"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3620"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3620"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/64308"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimail/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "db": "BID",
        "id": "74646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "db": "BID",
        "id": "74646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "date": "2015-02-25T00:00:00",
        "db": "BID",
        "id": "74646"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "date": "2015-05-12T19:59:23.043000",
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81581"
      },
      {
        "date": "2015-02-25T00:00:00",
        "db": "BID",
        "id": "74646"
      },
      {
        "date": "2015-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      },
      {
        "date": "2018-10-09T19:56:55.827000",
        "db": "NVD",
        "id": "CVE-2015-3620"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAnalyzer and  FortiManager Advanced Dataset Report Page Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002670"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-031"
      }
    ],
    "trust": 0.6
  }
}

var-201905-0763
Vulnerability from variot

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). Fortinet FortiAnalyzer and FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager and FortiAnalyzer are prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Other attacks are also possible. The following products are affected: FortiManager 5.6.0 and prior FortiAnalyzer 5.6.0 and prior. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0763",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "108502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Adrian Dabrowski of SBA Research gGmbH Sitz.",
    "sources": [
      {
        "db": "BID",
        "id": "108502"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-13375",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-13375",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-123428",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-13375",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13375",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-1045",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123428",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). Fortinet FortiAnalyzer and FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager and FortiAnalyzer are prone to an cross-site scripting vulnerability because it fails to properly  sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Other attacks are also possible. \nThe following products are affected:\nFortiManager 5.6.0 and prior\nFortiAnalyzer 5.6.0 and prior. Both Fortinet FortiManager and Fortinet FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "BID",
        "id": "108502"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13375",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "108502",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-123428",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "db": "BID",
        "id": "108502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "id": "VAR-201905-0763",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:28:16.676000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-121",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-18-121"
      },
      {
        "title": "Fortinet FortiManager  and Fortinet FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92994"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-121"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13375"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13375"
      },
      {
        "trust": 0.3,
        "url": "https://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-121"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "db": "BID",
        "id": "108502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "db": "BID",
        "id": "108502"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "date": "2018-11-16T00:00:00",
        "db": "BID",
        "id": "108502"
      },
      {
        "date": "2019-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "date": "2019-05-28T19:29:00.597000",
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123428"
      },
      {
        "date": "2018-11-16T00:00:00",
        "db": "BID",
        "id": "108502"
      },
      {
        "date": "2019-06-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      },
      {
        "date": "2019-05-30T15:19:19.737000",
        "db": "NVD",
        "id": "CVE-2018-13375"
      },
      {
        "date": "2019-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAnalyzer and  FortiManager Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015553"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-1045"
      }
    ],
    "trust": 0.6
  }
}

var-201708-0339
Vulnerability from variot

Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3614",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3614",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81575",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3614",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3614",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-579",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81575",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3614",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37414",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81575",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "id": "VAR-201708-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.449000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-15-011",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73991"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3614"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37414"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "date": "2017-08-11T21:29:00.323000",
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81575"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      },
      {
        "date": "2017-08-26T01:29:00.270000",
        "db": "NVD",
        "id": "CVE-2015-3614"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007727"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-579"
      }
    ],
    "trust": 0.6
  }
}

var-202111-0232
Vulnerability from variot

An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. FortiManager Exists in unspecified vulnerabilities.Information may be tampered with. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0232",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  6.4.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  6.4.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      }
    ]
  },
  "cve": "CVE-2021-26107",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-26107",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-385071",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-26107",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-26107",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-26107",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-325",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-385071",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. FortiManager Exists in unspecified vulnerabilities.Information may be tampered with. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-26107",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021111610",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3906",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-385071",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "id": "VAR-202111-0232",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:42:16.533000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager\u00a0-\u00a0Improper\u00a0Inter\u00a0ADOM\u00a0access\u00a0control FortiGuard\u00a0PSIRT\u00a0Advisory",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt?date=11-2021\u0026risk=3"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168662"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-863",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-21-043"
      },
      {
        "trust": 1.6,
        "url": "https://www.fortiguard.com/psirt?date=11-2021\u0026risk=3"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26107"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021111610"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3906"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortimanager-read-write-access-via-vpn-tunnel-status-36796"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "date": "2022-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "date": "2021-11-02T18:15:08.377000",
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "date": "2021-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385071"
      },
      {
        "date": "2022-10-13T02:28:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      },
      {
        "date": "2022-06-28T14:11:45.273000",
        "db": "NVD",
        "id": "CVE-2021-26107"
      },
      {
        "date": "2021-11-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014328"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-325"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0833
Vulnerability from variot

A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. FortiManager In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Attackers can exploit this vulnerability to execute system commands

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0833",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.10",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.1",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3611",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-3611",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-81572",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3611",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3611",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-052",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81572",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. FortiManager In OS A command injection vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. Attackers can exploit this vulnerability to execute system commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3611",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-07200",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81572",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "id": "VAR-202002-0833",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.514000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0FortiManager",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109811"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3611"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "date": "2020-02-04T20:15:11.340000",
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "date": "2020-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81572"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      },
      {
        "date": "2020-02-05T21:44:43.560000",
        "db": "NVD",
        "id": "CVE-2015-3611"
      },
      {
        "date": "2020-03-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008559"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-052"
      }
    ],
    "trust": 0.6
  }
}

var-201511-0089
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. Fortinet FortiManager is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. FortiManager 5.2.2 and prior versions are vulnerable. [+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTIMANAGER-XSS-0924.txt

Vendor:

www.fortinet.com

Product:

FortiManager v5.2.2

FortiManager is a centralized security management appliance that allows you to centrally manage any number of Fortinet Network Security devices. 2 potential XSS vectors were identified:

  • XSS vulnerability in SOMVpnSSLPortalDialog.
  • XSS vulnerability in FGDMngUpdHistory. 2 potential XSS vectors were identified:

  • XSS vulnerability in sharedjobmanager.

  • XSS vulnerability in SOMServiceObjDialog.

Affected Products

XSS items 1-2: FortiManager v5.2.2 or earlier. XSS items 3-4: FortiManager v5.2.3 or earlier.

Solutions:

No workarounds are currently available. Update to FortiManager v5.2.4.

Exploit code(s):

1- Persistent: https://localhost/cgi-bin/module/sharedobjmanager/firewall/SOMServiceObjDialog?devGrpId=18446744073709551615&deviceId=18446744073709551615&vdom=&adomId=3&vdomID=0&adomType=ems&cate=167&prodId=0&key=ALL&catetype=167&cate=167&permit_w=1&roid=189&startIndex=0&results=50


var-202203-0907
Vulnerability from variot

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. Fortinet FortiAnalyzer and FortiManager Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Fortinet FortiAnalyzer has an access control error vulnerability, which is caused by network systems or products that do not properly restrict resource access from unauthorized roles. Attackers could exploit this vulnerability to bypass device policies and force their users to perform password changes

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202203-0907",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.11"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0  to  7.0.2"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.6.0  to  5.6.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.0  to  6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  to  6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.0  to  6.0.11"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.11",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.11",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "cve": "CVE-2022-22300",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2022-22300",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-410854",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-22300",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22300",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-22300",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202203-033",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-410854",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-22300",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user. Fortinet FortiAnalyzer and FortiManager Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This product is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. Fortinet FortiAnalyzer has an access control error vulnerability, which is caused by network systems or products that do not properly restrict resource access from unauthorized roles. Attackers could exploit this vulnerability to bypass device policies and force their users to perform password changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22300",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0857",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022030127",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-18533",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-410854",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "id": "VAR-202203-0907",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T22:34:21.149000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-255",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-21-255"
      },
      {
        "title": "Fortinet FortiAnalyzer Fixes for permissions and access control issues vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=184273"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-rce "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-755",
        "trust": 1.0
      },
      {
        "problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-863",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-21-255"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22300"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-denial-of-service-via-password-change-action-37683"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-22300/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0857"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022030127"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/755.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "date": "2022-03-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "date": "2023-07-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "date": "2022-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "date": "2022-03-01T19:15:08.590000",
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-03-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-410854"
      },
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22300"
      },
      {
        "date": "2023-07-14T02:37:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      },
      {
        "date": "2023-08-08T14:21:49.707000",
        "db": "NVD",
        "id": "CVE-2022-22300"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet\u00a0FortiAnalyzer\u00a0 and \u00a0FortiManager\u00a0 Fraud related to unauthorized authentication in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-007383"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202203-033"
      }
    ],
    "trust": 0.6
  }
}

var-201406-0445
Vulnerability from variot

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable.

HP Connect IT / HP SPM CIT - 9.5x Please install: HP Connect IT 9.53.P2

For Windows http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070

For Linux http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071

For AIX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072

For HPUX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073

For Solaris http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074

HP Connect IT / HP SPM CIT - 9.4x Please install: HP Connect IT 9.40.P1

For windows(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075

For Linux(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076

For AIX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077

For HPUX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078

For Solaris(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079

HP Connect IT / HP SPM AM 5.2x Please install: HP Connect IT 9.41.P1

HISTORY Version:1 (rev.1) - 19 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

Original advisory details:

J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2232-3 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1332643

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05


                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05


Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1

Description

Multiple vulnerabilities have been discovered in OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622 Version: 1

HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-06-20 Last Updated: 2014-06-20

Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.

References:

CVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 Remote Unauthorized Access (only iMC impacted) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information SSRT101561 Note: All products listed are impacted by CVE-2014-0224 . iMC is also impacted by CVE-2014-0198 and CVE-2010-5298

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.

Description

The most serious issue reported is CVE-2014-0224 and it is the one discussed here. To take advantage CVE-2014-0224, an attacker must:

be in between the OpenSSL client and OpenSSL server. be capable of intercepting and modifying packets between the OpenSSL client and OpenSSL server in real time.

Workarounds

HP Networking equipment is typically deployed inside firewalls and access to management interfaces and other protocols is more tightly controlled than in public environments. This deployment and security restrictions help to reduce the possibility of an attacker being able to intercept both OpenSSL client and OpenSSL server traffic.

Following the guidelines in the Hardening Comware-based devices can help to further reduce man-in-the-middle opportunities:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536 920

For an HP Networking device acting as an OpenSSL Server, using a patched OpenSSL client or non-OpenSSL client eliminates the risk. As an example, most modern web browsers do not use the OpenSSL client and the sessions between the HP Networking OpenSSL server and the non-OpenSSL client are not at risk for this attack. For HP Networking Equipment that is using an OpenSSL client, patching the OpenSSL server will eliminate the risk of this attack.

Protocol Notes

The following details the protocols that use OpenSSL in Comware v5 and Comware v7:

Comware V7:

Server:

FIPS/HTTPS/Load Balancing/Session Initiation Protocol

Client:

Load Balancing/OpenFlow/Session Initiation Protocol/State Machine Based Anti-Spoofing/Dynamic DNS

Comware V5:

Server:

CAPWAP/EAP/SSLVPN

Client:

Dynamic DNS

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted

12900 Switch Series Fix in progress use mitigations JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

12500 Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

12500 (Comware v7) Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

11900 Switch Series Fix in progress use mitigations JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

10500 Switch Series (Comware v5) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

10500 Switch Series (Comware v7) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

9500E Fix in progress use mitigations JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

Router 8800 Fix in progress use mitigations JC147A HP A8802 Router Chassis JC147B HP 8802 Router Chassis JC148A HP A8805 Router Chassis JC148B HP 8805 Router Chassis JC149A HP A8808 Router Chassis JC149B HP 8808 Router Chassis JC150A HP A8812 Router Chassis JC150B HP 8812 Router Chassis JC141A HP 8802 Main Control Unit Module JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod H3C SR8805 10G Core Router Chassis (0235A0G8) H3C SR8808 10G Core Router Chassis (0235A0G9) H3C SR8812 10G Core Router Chassis (0235A0GA) H3C SR8802 10G Core Router Chassis (0235A0GC) H3C SR8802 10G Core Router Chassis (0235A31B) H3C SR8805 10G Core Router Chassis (0235A31C) H3C SR8808 10G Core Router Chassis (0235A31D) H3C SR8812 10G Core Router Chassis (0235A31E)

7500 Switch Series Fix in progress use mitigations JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

HSR6800 Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6800 Russian Version Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6602 Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

HSR6602 Russian Version Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

A6600 Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

A6600 Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

5920 Switch Series Fix in progress use mitigations JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

5900 Switch Series Fix in progress use mitigations JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

5900 Virtual Switch Fix in progress use mitigations JG814AAE HP Virtual Switch 5900v VMware E-LTU JG815AAE HP VSO SW for 5900v VMware E-LTU

5830 Switch Series Fix in progress use mitigations JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

5820 Switch Series Fix in progress use mitigations JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

5800 Switch Series Fix in progress use mitigations JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

5500 HI Switch Series Fix in progress use mitigations JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

5500 EI Switch Series Fix in progress use mitigations JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

5500 SI Switch Series Fix in progress use mitigations JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

5120 EI Switch Series Fix in progress use mitigations JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

5120 SI switch Series Fix in progress use mitigations JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

4800 G Switch Series Fix in progress use mitigations JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)

4510G Switch Series Fix in progress use mitigations JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)

4210G Switch Series Fix in progress use mitigations JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)

3610 Switch Series Fix in progress use mitigations JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

3600 V2 Switch Series Fix in progress use mitigations JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

3100V2 Fix in progress use mitigations JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

3100V2-48 Fix in progress use mitigations JG315A HP 3100-48 v2 Switch

1910 Fix in progress use mitigations JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293) 3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093) 3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893) 3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93) 3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)

1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch

1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch

MSR20 Fix in progress use mitigations JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)

MSR20-1X Fix in progress use mitigations JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

MSR30 Fix in progress use mitigations JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

MSR30-16 Fix in progress use mitigations JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

MSR30-1X Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

MSR50 Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

MSR50-G2 Fix in progress use mitigations JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

MSR20 Russian version Fix in progress use mitigations JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

MSR20-1X Russian version Fix in progress use mitigations JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

MSR30 Russian version Fix in progress use mitigations JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

MSR30-1X Russian version Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

MSR30-16 Russian version Fix in progress use mitigations JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

MSR50 Russian version Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

MSR50 G2 Russian version Fix in progress use mitigations JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

MSR9XX Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

MSR9XX Russian version Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)

MSR93X Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR93X Russian version Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR1000 Fix in progress use mitigations JG732A HP MSR1003-8 AC Router

MSR2000 Fix in progress use mitigations JG411A HP MSR2003 AC Router

MSR3000 Fix in progress use mitigations JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

MSR4000 Fix in progress use mitigations JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

F5000 Fix in progress use mitigations JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

U200S and CS Fix in progress use mitigations JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

U200A and M Fix in progress use mitigations JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

F1000A and S Fix in progress use mitigations JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance

SecBlade FW Fix in progress use mitigations JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

F1000E Fix in progress use mitigations JD272A HP S1000-E VPN Firewall Appliance

VSR1000 Fix in progress use mitigations JG810AAE HP VSR1001 Virtual Services Router JG811AAE HP VSR1001 Virtual Services Router JG812AAE HP VSR1004 Virtual Services Router JG813AAE HP VSR1008 Virtual Services Router

WX5002/5004 Fix in progress use mitigations JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

HP 850/870 Fix in progress use mitigations JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc

HP 830 Fix in progress use mitigations JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

HP 6000 Fix in progress use mitigations JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point

NGFW Fix in progress use mitigations JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic

iMC UAM 7.0 Fix in progress use mitigations JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

iMC EAD 7.0 Fix in progress use mitigations JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License

iMC PLAT 7.0 Fix in progress use mitigations JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG747AAE HP IMC Standard Software Platform with 50-node E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU JD125A HP IMC Standard Edition Software Platform with 100-node License JD815A HP IMC Standard Edition Software Platform with 100-node License JD816A HP A-IMC Standard Edition Software DVD Media JF377A HP IMC Standard Edition Software Platform with 100-node License JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU TJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL not HPNs) JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU JG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU JD126A HP A-IMC Enterprise Software Platform with 200-node License JD808A HP A-IMC Enterprise Software Platform with 200-node License JD814A HP A-IMC Enterprise Edition Software DVD Media JF378A HP IMC Enterprise Edition Software Platform with 200-node License JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition E-LTU JG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance Software E-LTU

HISTORY Version:1 (rev.1) - 20 June 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq CtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM =CEL7 -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. To obtain the updated firmware, go to www.hp.com and follow these steps:

Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".

Firmware Updates Table

Product Name Model Number Firmware Revision

HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A v 2302963_436067 (or higher)

HP Color LaserJet CP5525 CE707A,CE708A,CE709A v 2302963_436070 (or higher)

HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A v 2302963_436077 (or higher)

HP Color LaserJet M651 CZ255A, CZ256A, CZ257A, CZ258A v 2302963_436073 (or higher)

HP Color LaserJet M680 CZ248A, CZ249A v 2302963_436072 (or higher)

HP Color LaserJet Flow M680 CZ250A, CA251A v 2302963_436072 (or higher)

HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A v 2302963_436081 (or higher)

HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A v 2302963_436069 (or higher)

HP LaserJet Enterprise 600 M601 Series CE989A, CE990A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M602 Series CE991A, CE992A, CE993A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M603 Series CE994A, CE995A, CE996A v 2302963_436082 (or higher)

HP LaserJet Enterprise MFP M630 series B3G84A, B3G85A, B3G86A, J7X28A v 2303714_233000041 (or higher)

HP LaserJet Enterprise 700 color M775 series CC522A, CC523A, CC524A, CF304A v 2302963_436079 (or higher)

HP LaserJet Enterprise 700 M712 series CF235A, CF236A, CF238A v 2302963_436080 (or higher)

HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A v 2302963_436076 (or higher)

HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A v 2302963_436068 (or higher)

HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A v 2302963_436083 (or higher)

HP LaserJet Enterprise color flow MFP M575c CD646A v 2302963_436081 (or higher)

HP LaserJet Enterprise flow M830z MFP CF367A v 2302963_436071 (or higher)

HP LaserJet Enterprise flow MFP M525c CF118A v 2302963_436069 (or higher)

HP LaserJet Enterprise M4555 MFP CE502A,CE503A, CE504A, CE738A v 2302963_436064 (or higher)

HP LaserJet Enterprise M806 CZ244A, CZ245A v 2302963_436075 (or higher)

HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A v 2302963_436078 (or higher)

HP Scanjet Enterprise 8500 Document Capture Workstation L2717A, L2719A v 2302963_436065 (or higher)

OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A v 2302963_436066 (or higher)

OfficeJet Enterprise Color X555 C2S11A, C2S12A v 2302963_436074 (or higher)

HP Color LaserJet CP3525 CC468A, CC469A, CC470A, CC471A v 06.183.1 (or higher)

HP LaserJet M4345 Multifunction Printer CB425A, CB426A, CB427A, CB428A v 48.306.1 (or higher)

HP LaserJet M5025 Multifunction Printer Q7840A v 48.306.1 (or higher)

HP Color LaserJet CM6040 Multifunction Printer Q3938A, Q3939A v 52.256.1 (or higher)

HP Color LaserJet Enterprise CP4525 CC493A, CC494A, CC495A v 07.164.1 (or higher)

HP Color LaserJet Enterprise CP4025 CC489A, CC490A v 07.164.1 (or higher)

HP LaserJet M5035 Multifunction Printer Q7829A, Q7830A, Q7831A v 48.306.1 (or higher)

HP LaserJet M9050 Multifunction Printer CC395A v 51.256.1 (or higher)

HP LaserJet M9040 Multifunction Printer CC394A v 51.256.1 (or higher)

HP Color LaserJet CM4730 Multifunction Printer CB480A, CB481A, CB482A, CB483A v 50.286.1 (or higher)

HP LaserJet M3035 Multifunction Printer CB414A, CB415A, CC476A, CC477A v 48.306.1 (or higher)

HP 9250c Digital Sender CB472A v 48.293.1 (or higher)

HP LaserJet Enterprise P3015 CE525A,CE526A,CE527A,CE528A,CE595A v 07.186.1 (or higher)

HP LaserJet M3027 Multifunction Printer CB416A, CC479A v 48.306.1 (or higher)

HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v 53.236.1 (or higher)

HP Color LaserJet CP6015 Q3931A, Q3932A, Q3933A, Q3934A, Q3935A v 04.203.1 (or higher)

HP LaserJet P4515 CB514A,CB515A, CB516A, CB517A v 04.213.1 (or higher)

HP Color LaserJet CM6030 Multifunction Printer CE664A, CE665A v 52.256.1 (or higher)

HP LaserJet P4015 CB509A, CB526A, CB511A, CB510A v 04.213.1 (or higher)

HP LaserJet P4014 CB507A, CB506A, CB512A v 04.213.1 (or higher)

HISTORY Version:1 (rev.1) - 22 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0445",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "6.2.3"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "2.0.1"
      },
      {
        "model": "jboss enterprise web platform",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "powerlinux 7r2",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8za"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "rox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.16.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "20"
      },
      {
        "model": "application processing engine",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.2"
      },
      {
        "model": "s7-1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.2.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.29"
      },
      {
        "model": "python",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.8"
      },
      {
        "model": "server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "filezilla",
        "version": "0.9.45"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "19"
      },
      {
        "model": "storage",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "2.1"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "3.4.0"
      },
      {
        "model": "mariadb",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.13"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "cp1543-1",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "mariadb",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mariadb",
        "version": "10.0.0"
      },
      {
        "model": "python",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "python",
        "version": "2.7.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "powerlinux 7r1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bladecenter advanced management module 3.66e",
        "scope": null,
        "trust": 0.9,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "ibm",
        "version": "5200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "junos 11.4r9",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.0"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "5700"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7800"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "junos 10.4s15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "junos 13.2r2",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r15",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "junos 13.3r1",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4s",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "one-x mobile sip for ios",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "11.4x27"
      },
      {
        "model": "junos 11.4r8",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r16",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x45-d10",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "junos 12.1r7",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "juniper",
        "version": "10.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "0.9.8o"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.110.6"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "power ps702",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.30"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.117"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.112"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.46"
      },
      {
        "model": "chrome for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.141"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.0"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "8800"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.1"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v210.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.10"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.155"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf147a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "horizon view feature pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.0"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "computer telephony integration object server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.2"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "laserjet p2055 printer series ce460a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.35"
      },
      {
        "model": "ace application control engine module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort e-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571471.43"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v2-480"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "junos 11.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.470"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.4"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6.10"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos space ja1500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.3"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x571431.43"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3"
      },
      {
        "model": "laserjet printer series q7543a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.20"
      },
      {
        "model": "fortios b0537",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.06"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.0"
      },
      {
        "model": "laserjet enterprise m806 cz244a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.3"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "9.1-release-p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m775 series cf304a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.00"
      },
      {
        "model": "openvpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.3"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.32"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "secure analytics 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "vpn client v100r001c02spc702",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.6"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf145a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1.100.3"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310025820"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "34.0"
      },
      {
        "model": "junos 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.0"
      },
      {
        "model": "integrity superdome and hp converged system for sap hana",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x9005.50.12"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.20"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.3"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.8"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.2"
      },
      {
        "model": "manageone v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7400"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.38"
      },
      {
        "model": "tivoli workload scheduler distributed ga level",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "snapprotect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos r8-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.34"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.49"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.342"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "oneview",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.10"
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.53"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.1"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.6"
      },
      {
        "model": "prime access registrar appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.48"
      },
      {
        "model": "nvp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.2.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.1"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "tekelec hlr router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open systems snapvault agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "agile controller v100r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf286a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "laserjet enterprise m712 series cf236a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.49"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "mds switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3.5"
      },
      {
        "model": "idol speech software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.5.0.16091"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.6"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.124"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.1"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90000"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.32"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.14"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.40"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "wx5002/5004 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "netscaler 9.3.e",
        "scope": null,
        "trust": 0.3,
        "vendor": "citrix",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.71"
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "usg5000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.46"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos space 13.3r1.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise communications broker pcz2.0.0m4p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "sparc enterprise m4000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1118"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1"
      },
      {
        "model": "aura application server sip core pb23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "vsr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.33"
      },
      {
        "model": "asg2000 v100r001c10sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.130.14"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.14"
      },
      {
        "model": "wireless lan controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.16"
      },
      {
        "model": "junos r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.128.3"
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "laserjet p3005 printer series q7813a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.4"
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "infosphere master data management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.24"
      },
      {
        "model": "vsm v200r002c00spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.37"
      },
      {
        "model": "10.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "710/7300"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.8"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.08"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.4"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.4"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "nextscale nx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54550"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.52"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.110"
      },
      {
        "model": "network connect 8.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system chassis management module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.8"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "s5900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p006",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "documentum content server p05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "laserjet printer series q5404a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.5"
      },
      {
        "model": "jabber video for telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "flex system p270",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.04"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.10"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.2"
      },
      {
        "model": "tivoli workload scheduler distributed fp05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "tivoli workload scheduler distributed fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "endeca information discovery studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.18"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "10.0-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.3"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.5"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.38"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3200"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "8.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5.2.3"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "fortiwifi",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "laserjet enterprise m712 series cf238a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-453"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.4"
      },
      {
        "model": "junos 12.1r8-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.344"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087220"
      },
      {
        "model": "9.2-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "content analysis system software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.5"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sparc enterprise m9000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.14"
      },
      {
        "model": "advanced settings utility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.0"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.7"
      },
      {
        "model": "(comware family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12500v7)0"
      },
      {
        "model": "automation stratix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "590015.6.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.11"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.50"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v5000-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.72"
      },
      {
        "model": "nexus series fabric extenders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "20000"
      },
      {
        "model": "intelligencecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.2"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "strm 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8546"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.55"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.5"
      },
      {
        "model": "documentum content server p02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "sbr global enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "color laserjet printer series q7533a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.19"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "power ps700",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.7"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "color laserjet cp5525 ce708a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.12"
      },
      {
        "model": "desktop collaboration experience dx650",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura application server sip core pb28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "automation stratix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rockwell",
        "version": "59000"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.2"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.48"
      },
      {
        "model": "telepresence system series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.5.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.41"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.9"
      },
      {
        "model": "secure analytics 2014.2r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.6"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.24"
      },
      {
        "model": "telepresence ip gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0"
      },
      {
        "model": "junos 12.1r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "p2000 g3 msa array system ts251p005",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "idol software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.8"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "open systems snapvault 3.0.1p6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "key",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.14"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "worklight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.01"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.11"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.1"
      },
      {
        "model": "power 780",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056340"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.53"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7700"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.4"
      },
      {
        "model": "junos 12.2r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.7"
      },
      {
        "model": "u200s and cs family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "security threat response manager 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.71"
      },
      {
        "model": "pulse desktop 5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.7"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.1"
      },
      {
        "model": "winscp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.4"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.04"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50000"
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.02"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.6"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "hsr6800 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3"
      },
      {
        "model": "color laserjet m651 cz258a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v5)0"
      },
      {
        "model": "ddos secure",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.14.1-1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "vsm v200r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "junos 12.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "message networking sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "officejet enterprise color mfp b5l05a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dgs-1210-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.025"
      },
      {
        "model": "ngfw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "powervu d9190 comditional access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.57"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "msr9xx russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "junos 12.3r4-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.14"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "10.0-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.3"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.1"
      },
      {
        "model": "ive os 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "laserjet enterprise m806 cz244a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "usage meter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.73"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "softco v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.4.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.3"
      },
      {
        "model": "s2700\u0026s3700 v100r006c05+v100r06h",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.56"
      },
      {
        "model": "horizon mirage edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.4.2"
      },
      {
        "model": "oceanstor s6800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "virtuozzo containers for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.6"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.54"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence mcu series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.8"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.014"
      },
      {
        "model": "asg2000 v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.154"
      },
      {
        "model": "idp 5.1r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "nac manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.4"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smc2.0 v100r002c01b017sp17",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "laserjet pro color mfp m276n/nw cf144a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58000"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "email appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "3.7.0.0"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "junos os 12.1x46-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.43"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.13"
      },
      {
        "model": "junos 12.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.4"
      },
      {
        "model": "network connect 7.4r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1040"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.4"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.10"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89450"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "usg2000 v300r001c10sph201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.0"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.1.8"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "system x3500m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73801.42"
      },
      {
        "model": "licensing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325025830"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.53"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "switch series (comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10500v7)0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.6"
      },
      {
        "model": "idol image server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "ecns600 v100r002c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "espace u19** v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "spa112 2-port phone adapter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1-x"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.0"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70003.4.20"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "9.0--releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet enterprise color m855 a2w78a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.2"
      },
      {
        "model": "color laserjet printer series q5984a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "simatic cp1543-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1"
      },
      {
        "model": "power express f/c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "52056330"
      },
      {
        "model": "color laserjet cp5525 ce707a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "9.0-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73231.42"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-66.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.23"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "bladecenter js43 with feature code",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x8446)0"
      },
      {
        "model": "toolscenter suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.53"
      },
      {
        "model": "unified communications series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "5000"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.18"
      },
      {
        "model": "junos space 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0026"
      },
      {
        "model": "junos 12.1r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "8.4-release-p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netcool/system service monitor fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.014"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x2-22.0.6.2.0"
      },
      {
        "model": "color laserjet m680 cz248a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bbm for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.46"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.6.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "tivoli management framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management hf11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3.2"
      },
      {
        "model": "laserjet pro mfp m425dn/dw cf288a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020140919"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1r5-s3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x363071580"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.29"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.30"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.1"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.1"
      },
      {
        "model": "content analysis system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "elan",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.15"
      },
      {
        "model": "tivoli storage productivity center fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "msr2000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet printer series cb433a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m712 series cf236a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.12"
      },
      {
        "model": "tivoli netcool/system service monitor fp9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "color laserjet printer series q7535a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "8.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.7"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "svn2200 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "bladecenter js12 express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-60x)0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.12"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "laserjet multifunction printer series q3943a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "usg9500 v300r001c01spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "cms r16 r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73271.42"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.115"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.52"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.3.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.12"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.0"
      },
      {
        "model": "color laserjet cp3505 printer series ce491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.15779"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6"
      },
      {
        "model": "8.4-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "host agent for oncommand core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "mcp russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12141"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.159"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "ecns610 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.24"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.93"
      },
      {
        "model": "color laserjet printer series q7495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "a6600 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.817"
      },
      {
        "model": "laserjet enterprise m602 series ce991a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "f5000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "9.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "color laserjet enterprise cp4025 cc489a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "network connect 7.4r9.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "idataplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "laserjet enterprise flow mfp m525c cf118a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos r11",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "junos 10.4s13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.7"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.0"
      },
      {
        "model": "oceanstor s5600t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "espace iad v300r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.44"
      },
      {
        "model": "color laserjet cp5525 ce708a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "pk family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p002",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.10"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "telepresence server on virtual machine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.126"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.6.1"
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "color laserjet cp5525 ce709a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "oceanstor s5800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "oceanstor s5800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "color laserjet flow m680 cz250a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 11.4r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.2"
      },
      {
        "model": "color laserjet cp3505 printer series cb444a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.3"
      },
      {
        "model": "icewall sso dfw r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.10"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "color laserjet printer series cb432a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0.00"
      },
      {
        "model": "color laserjet multifunction printer series q7519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence tx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "90006.1.20"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.2"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.31"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.6.2"
      },
      {
        "model": "junos os 12.1x47-d15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "junos 13.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "tandberg mxp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "9900"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.10"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.2"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.00"
      },
      {
        "model": "d9036 modular encoding platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cluster network/management switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vma san gateway g5.5.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node /fc efd9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "10.0-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.92743"
      },
      {
        "model": "system storage ts2900 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0025"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8300"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "color laserjet m651 cz258a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5950"
      },
      {
        "model": "tivoli netcool/system service monitor fp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.4"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "tssc",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.15"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.7"
      },
      {
        "model": "secblade fw family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.42"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "bbm for iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.24"
      },
      {
        "model": "vsphere sdk for perl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0.1650.59"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "telepresence serial gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "elog v100r003c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.0"
      },
      {
        "model": "ata series analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1900"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.7"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.125"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.0.9.8"
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89610"
      },
      {
        "model": "idol speech software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.7"
      },
      {
        "model": "vcenter operations manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.8.1"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.30"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.51"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364160"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "prime lan management solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "msr50 g2 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7080"
      },
      {
        "model": "dgs-1500-52",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "junos 11.4r6-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m9040 multifunction printer cc394a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cms r17ac.h",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.1"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.122"
      },
      {
        "model": "laserjet pro color printer m251n/nw cf146a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20020140919"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "laserjet printer series q5401a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.47"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10"
      },
      {
        "model": "ucs central",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "power ps703 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-73x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.36"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0039"
      },
      {
        "model": "dynamic system analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.6"
      },
      {
        "model": "s7700\u0026s9700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.6"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7"
      },
      {
        "model": "openvpn",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvpn",
        "version": "2.3.4"
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.2"
      },
      {
        "model": "freedome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "fortios b0630",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "nac guest server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.00"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.60"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.4"
      },
      {
        "model": "dsr-1000n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "unity connection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.1.0"
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      },
      {
        "model": "oceanstor s2200t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "icewall sso dfw r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.14"
      },
      {
        "model": "security enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "spa232d multi-line dect ata",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "policy center v100r003c00spc305",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.1"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v19.7"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.11"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "flex system p270 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7954-24x)0"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58200"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.52"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf285a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "crossbow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "system x3650m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79471.42"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.0"
      },
      {
        "model": "system x3200m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73281.42"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.16"
      },
      {
        "model": "ios software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.39"
      },
      {
        "model": "ios xe software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32400"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.76"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "10.0-release-p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.1"
      },
      {
        "model": "laserjet multifunction printer series q3942a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "crossbow",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4.2.3"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.2"
      },
      {
        "model": "junos 10.4s14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.25"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1"
      },
      {
        "model": "anyconnect secure mobility client for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c4.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-500n 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz255a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.16"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.8"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.11"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.40"
      },
      {
        "model": "msr3000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "video surveillance series ip camera",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40000"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for desktop platforms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space 13.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.013"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.67"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "spa510 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.20"
      },
      {
        "model": "4800g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-43x)0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.7"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.4"
      },
      {
        "model": "idp 4.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.00"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.5"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "usg9500 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.31"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.11"
      },
      {
        "model": "sylpheed",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.4.2"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3"
      },
      {
        "model": "junos space ja2500 appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux server eus 6.5.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7831a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.10"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1"
      },
      {
        "model": "prime performance manager for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "receiver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.12"
      },
      {
        "model": "secure work space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s7700\u0026s9700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "wide area application services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "87100"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.2"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.37"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "s3900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "collaboration services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified communications widgets click to call",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.49"
      },
      {
        "model": "color laserjet cp6015 q3933a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "softco v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.6"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.13"
      },
      {
        "model": "telepresence t series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "unified attendant console advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idol software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.7"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "9.0.3"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.02"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.3"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.1"
      },
      {
        "model": "proventia network security controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79130"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v310.1"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10000"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.169"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "fastsetup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.4"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.26"
      },
      {
        "model": "tandberg codian isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32100"
      },
      {
        "model": "laserjet printer series q5409a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.2"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.0"
      },
      {
        "model": "tivoli workload scheduler distributed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-3"
      },
      {
        "model": "color laserjet multifunction printer series cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "jabber for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dgs-1500-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 11.4r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.1.1"
      },
      {
        "model": "a6600 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.1"
      },
      {
        "model": "laserjet multifunction printer series q3728a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos space 12.3r2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79451.42"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.36"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "bcaaa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.9"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.2"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "manageone v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.34"
      },
      {
        "model": "s7700\u0026s9700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.19"
      },
      {
        "model": "flex system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "s6900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.1"
      },
      {
        "model": "ucs b-series servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.7.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.16"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.011"
      },
      {
        "model": "junos r7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.29"
      },
      {
        "model": "storeever msl6480 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos os 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p001",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet printer series q5407a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w76a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "universal small cell series software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50003.4.2.0"
      },
      {
        "model": "laserjet p4515 cb515a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "junos 11.4r10-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.45"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.116"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.73"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.67"
      },
      {
        "model": "junos 12.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.2"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.11"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.09"
      },
      {
        "model": "sbr carrier 8.0.0-r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.1"
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77109.7"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf399a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.1"
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "quantum policy suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise color m775 series cc522a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "msr20 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.614"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "asset manager 9.41.p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.6"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.57"
      },
      {
        "model": "msr1000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.88"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "9.2-rc2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.51"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.9"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "tivoli netcool/system service monitor fp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3"
      },
      {
        "model": "cloud server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.16"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "system x3630m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73771.42"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.22"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.1"
      },
      {
        "model": "enterprise linux long life 5.9.server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "powerlinux 7r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "vcenter chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.6"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1.0.18193"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73211.42"
      },
      {
        "model": "telepresence mxp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2"
      },
      {
        "model": "infosphere balanced warehouse c4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.123"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.7"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "jetdirect ew2500 802.11b/g wireless print server j8021a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.53"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1"
      },
      {
        "model": "junos r2-s2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.12"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7900.00"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.50"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.1"
      },
      {
        "model": "client connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.91"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos os 12.2r9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "flare experience for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.2.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4"
      },
      {
        "model": "communicator for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "lifetime key management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.20"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.12"
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02spc800",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "telepresence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70100"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf270a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.3"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w78a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.15"
      },
      {
        "model": "message networking sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2"
      },
      {
        "model": "strm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.26"
      },
      {
        "model": "prime data center network manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "infosphere balanced warehouse d5100",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "cc v200r001c31",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "junos 13.2r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s12700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.10"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "laserjet enterprise color m775 series cc523a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.0.10648"
      },
      {
        "model": "laserjet p4014 cb507a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenmobile app controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "2.9"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.10"
      },
      {
        "model": "oceanstor s5500t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.0"
      },
      {
        "model": "8.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.6"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.047.8"
      },
      {
        "model": "enterprise linux server eus 6.4.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.11"
      },
      {
        "model": "security information and event management hf3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1.4"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.2"
      },
      {
        "model": "documentum content server sp2 p13",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "icewall sso dfw r2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.5"
      },
      {
        "model": "agent desktop for cisco unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet p2055 printer series ce456a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.01"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "netiq admininstration console server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.131"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.2"
      },
      {
        "model": "sparc m10-4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "junos 13.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.5"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7100"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise color m855 a2w79a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-76.7"
      },
      {
        "model": "bbm for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.4"
      },
      {
        "model": "anyconnect secure mobility client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.3"
      },
      {
        "model": "documentum content server sp2 p14",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8721"
      },
      {
        "model": "color laserjet m651 cz257a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "vsphere virtual disk development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "ive os 8.0r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system storage ts2900 tape librray",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0033"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.9"
      },
      {
        "model": "ecns600 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0-77.5"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.2.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.3"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.3"
      },
      {
        "model": "laserjet p3005 printer series q7816a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "jabber voice for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.6"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "unified ip conference phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos os 12.1x46-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.172"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "aura application server sip core pb19",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "bladecenter js22",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7998-61x)0"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.15"
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.65"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.41"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.5"
      },
      {
        "model": "8.4-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "infosphere balanced warehouse c3000",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.6"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "uacos c5.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "strm/jsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "z/tpf",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.10"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.40"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p70a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.2.0.9"
      },
      {
        "model": "puredata system for operational analytics a1791",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "dsm v100r002c05spc615",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.55"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78361.42"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.2"
      },
      {
        "model": "fortirecorder",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "bladecenter js23",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.5"
      },
      {
        "model": "hosted collaboration mediation fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.0"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "msa storage gl200r007",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2040"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "icewall sso certd r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "command view server based management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.2"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet printer series q7697a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.161"
      },
      {
        "model": "storevirtual vsa software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.5"
      },
      {
        "model": "paging server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.6"
      },
      {
        "model": "fortigate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.5"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.2"
      },
      {
        "model": "9500e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "ace application control engine module ace20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m712 series cf235a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "fortisandbox build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.3.086"
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c09",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.4"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "23.0.1271.94"
      },
      {
        "model": "agent desktop for cisco unified contact center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0.31"
      },
      {
        "model": "dgs-1210-28p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.043"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "11000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.75"
      },
      {
        "model": "color laserjet m680 cz248a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.91"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "ape",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "hyperdp v200r001c91spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x330073820"
      },
      {
        "model": "asset manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "unified attendant console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "dsr-500 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3-64.4"
      },
      {
        "model": "s3900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor s5600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.19"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "enterprise linux server eus 6.3.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "6.0"
      },
      {
        "model": "junos 10.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.10.140.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.32"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.5"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "laserjet p3005 printer series q7814a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "ace application control engine module ace10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v110.1"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "20"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36100"
      },
      {
        "model": "ive os 7.4r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.21"
      },
      {
        "model": "hi switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.7"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce503a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr9xx family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.1"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.1.2"
      },
      {
        "model": "laserjet printer series q7698a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.63"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp07",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "msr30 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.3"
      },
      {
        "model": "smart update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.1"
      },
      {
        "model": "manageone v100r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.4"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463011.5"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087330"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.20"
      },
      {
        "model": "esight-ewl v300r001c10spc300",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ave2000 v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.22"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "laserjet multifunction printer series q3726a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.290.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.82"
      },
      {
        "model": "color laserjet cp4005 printer series cb504a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.1"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.1"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.0.74.4"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos space 12.3p2.8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.85"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.60"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.0"
      },
      {
        "model": "rational insight ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "fortios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "tivoli workload scheduler distributed fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "telepresence integrator c series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "8.4-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "laserjet enterprise m602 series ce991a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "malware analysis appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1.2"
      },
      {
        "model": "usg9300 v200r001c01sph902",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.126.0"
      },
      {
        "model": "project openssl beta1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "anyoffice v200r002c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "43000"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60000"
      },
      {
        "model": "color laserjet flow m680 ca251a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.4"
      },
      {
        "model": "splunk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.9"
      },
      {
        "model": "cacheflow",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "2.0"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.1"
      },
      {
        "model": "bbm for android",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "rim",
        "version": "2.2.1.40"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "13.10"
      },
      {
        "model": "virtual automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.68"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.34"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.50"
      },
      {
        "model": "color laserjet multifunction printer series cb481a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "laserjet printer series q7545a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "junos 13.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2143"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19100"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "usg9500 usg9500 v300r001c20",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet printer series q5406a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u2990 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "forticlient build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0591"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.34"
      },
      {
        "model": "studio",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.60"
      },
      {
        "model": "aura conferencing sp1 standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "color laserjet cp3525 cc468a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2"
      },
      {
        "model": "telepresence isdn gw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "32410"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.10"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.6"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.62"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x310054570"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "9.0-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.4.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.4"
      },
      {
        "model": "telepresence ex series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "one-x mobile ces for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos os 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59200"
      },
      {
        "model": "security analytics platform",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1.3"
      },
      {
        "model": "oceanstor s6800t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "manageone v100r001c02 spc901",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 11.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2"
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.20"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.6"
      },
      {
        "model": "junos 12.1x45-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system x3500m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78391.42"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.2"
      },
      {
        "model": "oceanstor s2600t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet cp5525 ce707a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "enterprise linux els",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.26"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.13"
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "11.00"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce664a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c02spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "psb email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "9.20"
      },
      {
        "model": "color laserjet cp3525 cc471a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "9.2-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0.1916.155"
      },
      {
        "model": "ons series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "154000"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "unified intelligent contact management enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space r1.8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.4"
      },
      {
        "model": "webapp secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "anyconnect secure mobility client for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.11"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.70"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "8.3"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "policy center v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087180"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.50"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.14"
      },
      {
        "model": "junos 12.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.4"
      },
      {
        "model": "color laserjet cp6015 q3934a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.170"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3700-"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.92"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "88704.76.0"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "updatexpress system packs installer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.60"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "5.0"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.0"
      },
      {
        "model": "video surveillance 4300e/4500e high-definition ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smart update manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.4.1"
      },
      {
        "model": "director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.21"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x638370"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.85"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0"
      },
      {
        "model": "color laserjet multifunction printer series cb480a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "vm virtualbox 4.2.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "color laserjet cm4540 mfp cc421a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.50"
      },
      {
        "model": "color laserjet multifunction printer series cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.16"
      },
      {
        "model": "sdn for virtual environments",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "laserjet multifunction printer series q3944a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3"
      },
      {
        "model": "jabber video for ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos os 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.51"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.8"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.2"
      },
      {
        "model": "junos 10.4r14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1"
      },
      {
        "model": "laserjet printer series q5403a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.56"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "webex connect client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "8.0.552.343"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "color laserjet printer series q5982a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "junos pulse 4.0r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.12"
      },
      {
        "model": "cognos planning fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "junos -d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "p2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1810v10"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.28"
      },
      {
        "model": "junos space 13.1r1.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.1"
      },
      {
        "model": "junos 10.0s25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 10.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "email and server security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "10.00"
      },
      {
        "model": "system dx360m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73251.42"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.13"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "softco v200r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.52"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.3"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3939a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.18"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.28"
      },
      {
        "model": "junos 10.4r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.1"
      },
      {
        "model": "vsphere storage appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1.3"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.17"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.18"
      },
      {
        "model": "junos 12.3r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.36"
      },
      {
        "model": "agile controller v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "nip2000\u00265000 v100r002c10hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tapi service provider",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.29"
      },
      {
        "model": "datafort s-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.4"
      },
      {
        "model": "core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "junos r5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66020"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "management center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2.1.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf274a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "telepresence isdn gw mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83210"
      },
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "smc2.0 v100r002c01b017sp16",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0"
      },
      {
        "model": "blackberry link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "1.2"
      },
      {
        "model": "msr20-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.77"
      },
      {
        "model": "8.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura conferencing standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.17"
      },
      {
        "model": "one-x mobile ces for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.4"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "54541.42"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.7"
      },
      {
        "model": "physical access gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "system m5 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x325054580"
      },
      {
        "model": "cognos insight standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "session border controller enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "junos 11.4r5-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "89410"
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "isoc v200r001c01spc101",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "prime network registrar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.36"
      },
      {
        "model": "junos os 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0"
      },
      {
        "model": "fortiweb",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.114"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8.106"
      },
      {
        "model": "lifetime key management software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb482a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50.286.1"
      },
      {
        "model": "10.0-beta",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.22"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "documentum content server p06",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.89"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "junos 12.1r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "prime network analysis module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.56"
      },
      {
        "model": "laserjet multifunction printer series q3945a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43459.310.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "executive scorecard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.5"
      },
      {
        "model": "bladesystem c-class onboard administrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.21"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.14"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.4"
      },
      {
        "model": "isoc v200r001c00spc202",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "60000"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "small business isa500 series integrated security appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.21"
      },
      {
        "model": "netiq identity server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "color laserjet enterprise cp4525 cc495a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "junos 12.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.80"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.5.2"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9.107"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.28"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-23x)0"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.4"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5"
      },
      {
        "model": "arubaos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "88310"
      },
      {
        "model": "vcsa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.27"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.170"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "idp 4.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "cognos business intelligence server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.20"
      },
      {
        "model": "big-iq device",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.2"
      },
      {
        "model": "laserjet m3035 multifunction printer cc476a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a 2302963 436071",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "usg9500 usg9500 v300r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "power",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5750"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "config advisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "color laserjet cm4540 mfp cc420a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet enterprise cp4525 cc494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "color laserjet printer series q7492a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.9"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "4.0"
      },
      {
        "model": "tandberg codian mse model",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "83200"
      },
      {
        "model": "uma v200r001c00spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "isoc v200r001c00",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "3000"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.1.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.12"
      },
      {
        "model": "forticlient",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.22"
      },
      {
        "model": "eupp v100r001c10spc002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.0"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.15"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos insight standalone fp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "oncommand balance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "f1000a and s family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "stunnel",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.02"
      },
      {
        "model": "u200a and m family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.57"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.6"
      },
      {
        "model": "flex system fc5022",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "850/8700"
      },
      {
        "model": "officejet enterprise color c2s12a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70000"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5.2.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.11"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "oceanstor s5500t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "videoscape anyres live",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.66"
      },
      {
        "model": "junos d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a 2302963 436067",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.3"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.31"
      },
      {
        "model": "vcenter converter standalone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.4"
      },
      {
        "model": "hsr6602 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "wag310g wireless-g adsl2+ gateway with voip",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "documentum content server p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.44"
      },
      {
        "model": "security threat response manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2012.1"
      },
      {
        "model": "jabber for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "unified wireless ip phone series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "29200"
      },
      {
        "model": "one-x mobile for blackberry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.5"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.50"
      },
      {
        "model": "9.0-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.14"
      },
      {
        "model": "laserjet m4345 multifunction printer cb425a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.07"
      },
      {
        "model": "storevirtual 1tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "ida pro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hex ray",
        "version": "6.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "31.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.8"
      },
      {
        "model": "junos space 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "upward integration modules for vmware vsphere",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.44"
      },
      {
        "model": "prime optical for sps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.22"
      },
      {
        "model": "9.2-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "color laserjet m651 cz255a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51200"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.19"
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.99"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.168"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.02007"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0.2"
      },
      {
        "model": "9.0-rc3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 13.3r2-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.41"
      },
      {
        "model": "junos 12.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.1"
      },
      {
        "model": "vcd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6.2"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3850x638370"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "smart call home",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.3.3"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.1"
      },
      {
        "model": "project openssl beta5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42511.42"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a 2302963 436075",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.4"
      },
      {
        "model": "suse core for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9x86"
      },
      {
        "model": "ecns610 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "junos 13.2r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "documentum content server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "horizon workspace server data",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0.1025308"
      },
      {
        "model": "9.0-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.81"
      },
      {
        "model": "storage encryption",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.4"
      },
      {
        "model": "laserjet m3027 multifunction printer cb416a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433511.5"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0.1700.99"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.108"
      },
      {
        "model": "xenclient enterprise",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g84a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "netscaler ipmi/lom interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "8.4-release-p8",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr20 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "colorqube ps",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xerox",
        "version": "85704.76.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.9"
      },
      {
        "model": "oceanstor s6800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "color laserjet m680 cz249a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.62"
      },
      {
        "model": "servicecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "sparc m10-4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "fortiauthenticator build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1.060"
      },
      {
        "model": "laserjet enterprise m601 series ce990a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129000"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.14"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0"
      },
      {
        "model": "sbr carrier 7.6.0-r10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.56"
      },
      {
        "model": "hsr6800 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet printer series q7552a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "scanjet enterprise document capture workstation l2717a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "project openssl 0.9.8m beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.39"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.0"
      },
      {
        "model": "bladecenter js23/js43",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7778-23x)0"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.185"
      },
      {
        "model": "security network intrusion prevention system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.2"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.11"
      },
      {
        "model": "laserjet printer series q3721a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "flex system fabric en4093 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.5"
      },
      {
        "model": "manageone v100r002c10 spc320",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.10"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "svn2200 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational application developer for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "secblade iii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "safe profile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "0"
      },
      {
        "model": "jabber software development kit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.79"
      },
      {
        "model": "junos 13.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "laserjet m5035 multifunction printer q7830a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "jetdirect 640n eio card j8025a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "45.35"
      },
      {
        "model": "junos 13.2r5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.4"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.2"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.4"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.00"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1.2"
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-467"
      },
      {
        "model": "color laserjet cp3525 cc469a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r4-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.11"
      },
      {
        "model": "fortivoiceos build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.3165"
      },
      {
        "model": "laserjet enterprise color m551 series cf082a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "secure analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "2013.2"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.4"
      },
      {
        "model": "eupp v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.17"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "laserjet printer series q3722a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.00"
      },
      {
        "model": "junos pulse 5.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.14"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.22"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13000"
      },
      {
        "model": "enterprise linux eus 5.9.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.7.3"
      },
      {
        "model": "laserjet p4515 cb516a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.3"
      },
      {
        "model": "uma-db v2r1coospc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "security information and event management hf6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.2.2"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.2"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "telepresence exchange system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "datafort management console",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "usg9300 usg9300 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.05"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2"
      },
      {
        "model": "f1000e family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.113"
      },
      {
        "model": "laserjet enterprise m601 series ce989a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "sterling file gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "oncommand unified manager core package 5.2.1p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "junos 11.4r6.6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.40"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19200"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.3"
      },
      {
        "model": "color laserjet cm4540 mfp cc419a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7600-"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.3"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "espace u2990 v200r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.1"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.01"
      },
      {
        "model": "big data extensions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos space 12.3r1.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dsr-1000n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.19"
      },
      {
        "model": "junos 11.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "svn5500 v200r001c01spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr50 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0.1055"
      },
      {
        "model": "laserjet m5025 multifunction printer q7840a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "flex system p260 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-22x)0"
      },
      {
        "model": "tivoli netcool/system service monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.2"
      },
      {
        "model": "jabber voice for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "onepk all-in-one vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "idp 4.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "virtuozzo containers for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "4.7"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "junos 12.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vsphere support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.37"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2"
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "laserjet enterprise m806 cz245a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "color laserjet printer series q7493a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "msr50 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.0"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.61"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "tivoli netcool/system service monitor fp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.41"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "8.4-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "junos 10.0s28",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.9"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "isoc v200r001c02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "9000"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.1"
      },
      {
        "model": "color laserjet enterprise cp4525 cc493a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "10.0-release-p4",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.4.2"
      },
      {
        "model": "ddos secure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "utm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.40"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.07"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1183.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "ssl visibility",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.7"
      },
      {
        "model": "fortigate build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.18"
      },
      {
        "model": "junos os 12.3r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cms r17 r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.0"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "websphere datapower b2b appliance xb62",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.3"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.10"
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.16"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.79"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.3"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.13"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortiwifi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vcenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "vix api",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.12"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.16"
      },
      {
        "model": "junos 5.0r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.33"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.2.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.9"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.4"
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "3.3"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "vsphere replication",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.02"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.3"
      },
      {
        "model": "uacos c5.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "junos 13.1r.3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex messenger service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.6"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.152"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.2"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.6"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.10"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v20"
      },
      {
        "model": "laserjet p2055 printer series ce459a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "color laserjet cm4730 multifunction printer cb483a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.3"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.196.4"
      },
      {
        "model": "real-time compression appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.203"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "logcenter v200r003c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "dynamic system analysis",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.61"
      },
      {
        "model": "dgs-1210-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.012"
      },
      {
        "model": "ssl vpn 7.4r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.20"
      },
      {
        "model": "laserjet enterprise m601 series ce989a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "telepresence supervisor mse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "80500"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.3.0.13725"
      },
      {
        "model": "infosphere master data management server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.152"
      },
      {
        "model": "color laserjet printer series q7534a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.8.1"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.51"
      },
      {
        "model": "rational build forge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "4.0"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7893"
      },
      {
        "model": "big-ip psm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.4"
      },
      {
        "model": "s7700\u0026s9700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1"
      },
      {
        "model": "netiq access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "3.2"
      },
      {
        "model": "application networking manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "command view for tape libraries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "sparc enterprise m8000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "oceanstor s2600t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd645a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "junos 12.1x45-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "webex meetings server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.0"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.2"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.4"
      },
      {
        "model": "9.2-rc1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.0"
      },
      {
        "model": "msr30-16 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "jabber for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "fortiwifi build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a 2302963 436076",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.4"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.01"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.3"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "cloudsystem chargeback",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.10"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.2354"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.3"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.0"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.3"
      },
      {
        "model": "netiq access gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.2"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.1"
      },
      {
        "model": "security threat response manager 2012.1r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99710"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "laserjet m3027 multifunction printer cc479a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "sparc enterprise m3000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0"
      },
      {
        "model": "enterprise linux long life server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.6"
      },
      {
        "model": "laserjet enterprise mfp m525f cf117a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.134.14"
      },
      {
        "model": "management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.0"
      },
      {
        "model": "ftp server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0.0.3"
      },
      {
        "model": "junos 11.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ata analog telephone adaptor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1870"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "expressway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "storage management initiative specification providers fo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "57100"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "msr30-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.15"
      },
      {
        "model": "proventia network security controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.79"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.04"
      },
      {
        "model": "junos 11.4r5.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cognos business intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.74"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.0"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.03"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "4.0"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.070.5"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.1.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.11"
      },
      {
        "model": "security information and event management ga",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.4.0"
      },
      {
        "model": "junos 11.4r12-s1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.2.4"
      },
      {
        "model": "family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125000"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.2"
      },
      {
        "model": "8.4-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.55"
      },
      {
        "model": "officejet enterprise color c2s11a 2302963 436074",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x555"
      },
      {
        "model": "web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.9.0.0"
      },
      {
        "model": "tsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.12"
      },
      {
        "model": "msr30-16 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "imc ead",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.31"
      },
      {
        "model": "laserjet m5035 multifunction printer q7829a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "fortios b064",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "2.1.5-1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.12"
      },
      {
        "model": "mysql",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.20"
      },
      {
        "model": "laserjet p4015 cb509a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "usg9500 v300r001c20sph102",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x353071600"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.25"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4x27.43"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.13"
      },
      {
        "model": "asa cx context-aware security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp5525 ce709a 2302963 436070",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "horizon workspace client for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "web filter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.52"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "unified im and presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos 11.4r7-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "elog v100r003c01spc503",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.3"
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0040"
      },
      {
        "model": "telepresence server on multiparty media",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "3100"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.40"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087520"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.4.0"
      },
      {
        "model": "s5900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "85000"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "s6900 v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "storevirtual hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.5"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "storevirtual 3tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "junos 12.1r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "fusionsphere v100r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.5"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.015"
      },
      {
        "model": "tsm v100r002c07spc219",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vma san gateway g5.5.1.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.4.0.14619"
      },
      {
        "model": "one-x mobile lite for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.173"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "system dx360m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "63911.42"
      },
      {
        "model": "espace iad v300r002c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "sterling connect:direct",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.4"
      },
      {
        "model": "documentum content server sp1 p28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.24"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "prime collaboration provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "10.5"
      },
      {
        "model": "real-time compression appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.8"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.45"
      },
      {
        "model": "arubaos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.4.1.0"
      },
      {
        "model": "cognos express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "-release-p5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "color laserjet cp6015 q3931a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "9.2-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.1"
      },
      {
        "model": "laserjet p3005 printer series q7815a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "datafort fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "vcac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "vcenter site recovery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7200"
      },
      {
        "model": "unified communications manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet printer series q5408a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r003",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "xiv storage system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "281011.3"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "4210g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "aura application server sip core pb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.4"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.8"
      },
      {
        "model": "junos r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "14.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.118"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79000"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.88"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.3"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.95"
      },
      {
        "model": "tivoli netcool/system service monitor fp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hyperdp v200r001c09spc501",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "ei switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "nsx for multi-hypervisor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0.3"
      },
      {
        "model": "toolscenter suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x355079140"
      },
      {
        "model": "integrated lights out manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.3"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.203"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1.1"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "telepresence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "13100"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf069a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.10"
      },
      {
        "model": "laserjet printer series q7784a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42408.250.2"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59000"
      },
      {
        "model": "project metasploit framework",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.3"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.0"
      },
      {
        "model": "usg2000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.86"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "3.1.12"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.3.3"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project metasploit framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "metasploit",
        "version": "4.9.2"
      },
      {
        "model": "cloudsystem enterprise software",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75000"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "watson explorer security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "6"
      },
      {
        "model": "junos r12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "websphere datapower low latency appliance xm70",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "9.0-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "epolicy orchestrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.6.7"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.59"
      },
      {
        "model": "laserjet enterprise mfp m725 cf068a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10500"
      },
      {
        "model": "flare experience for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.1.3"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "junos os 14.1r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "8.4-release-p7",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "operations analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "color laserjet cp3505 printer series cb442a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.2"
      },
      {
        "model": "clustered data ontap antivirus connector",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.42"
      },
      {
        "model": "big-ip pem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6"
      },
      {
        "model": "laserjet printer series q5400a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.1"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087220"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.2.0"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3"
      },
      {
        "model": "laserjet printer series q7546a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "command view for tape libraries",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.8"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.1"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet printer series q7547a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "svn5500 v200r001c01hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl beta2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.01"
      },
      {
        "model": "rox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.6"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "power ps701",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.012"
      },
      {
        "model": "agent desktop for cisco unified contact center enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.8"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.3"
      },
      {
        "model": "oceanstor s5500t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet enterprise mfp m725 cf066a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g85a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x1.0.1"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "telepresence profile series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.3"
      },
      {
        "model": "espace iad v300r001c07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "3.4"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "laserjet enterprise color m775 series cf304a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7000"
      },
      {
        "model": "9.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.5"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.119"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.2"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "laserjet printer series q5402a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "42508.250.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "msr30-1x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "vcloud networking and security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.2"
      },
      {
        "model": "color laserjet printer series q7491a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "4510g switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.5"
      },
      {
        "model": "laserjet m3035 multifunction printer cb414a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "dsr-1000 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "operations automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "parallels",
        "version": "5.0"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.1"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.5"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "1.6.2"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.9"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.1"
      },
      {
        "model": "one-x mobile lite for iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "documentum content server sp2 p16",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "sparc enterprise m5000 xcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "1117"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.4"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.2"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.20"
      },
      {
        "model": "laserjet enterprise color mfp m575dn cd644a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "30000"
      },
      {
        "model": "network connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.0.0.12875"
      },
      {
        "model": "power system s822",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "network connect 8.0r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-21"
      },
      {
        "model": "junos pulse for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.22"
      },
      {
        "model": "system x3550m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79441.42"
      },
      {
        "model": "sterling connect:express for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.9"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "proactive network operations center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.2"
      },
      {
        "model": "project openssl 0.9.8f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.40"
      },
      {
        "model": "airwave",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.2.2"
      },
      {
        "model": "vfabric application director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.2"
      },
      {
        "model": "color laserjet printer series q5981a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "enterprise virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "junos 11.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "malware analysis appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "ip video phone e20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.2.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "blackberry enterprise service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.2.6"
      },
      {
        "model": "junos 10.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5.4.4"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.5"
      },
      {
        "model": "project openssl beta3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mate products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.2"
      },
      {
        "model": "websphere datapower xml accelerator xa35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.0.8"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cz195a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "integrity sd2 cb900s i2 and i4 server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.7.98"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.010"
      },
      {
        "model": "flex system p260",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.4"
      },
      {
        "model": "storevirtual 4tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1.9"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.37"
      },
      {
        "model": "pulse desktop 4.0r11.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "srg1200\u00262200\u00263200 v100r002c02hp0001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "laserjet p4015 cb510a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.2"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.8"
      },
      {
        "model": "sterling connect:enterprise for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "ive os 7.4r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.3r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "56000"
      },
      {
        "model": "puredata system for hadoop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.00"
      },
      {
        "model": "utm manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.1"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.29"
      },
      {
        "model": "laserjet printer series q7699a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "messaging secure gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.5"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.5.5"
      },
      {
        "model": "jabber guest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.23"
      },
      {
        "model": "m220 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.03"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "77009.7"
      },
      {
        "model": "8.4-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0.2"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58300"
      },
      {
        "model": "jetdirect 695n eio card j8024a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "laserjet printer series q5410a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "43508.250.2"
      },
      {
        "model": "espace u19** v100r001c10",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data recovery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.3"
      },
      {
        "model": "content security management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "uma v200r001c00spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.9.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "1.0"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x350073830"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "idatplex dx360 m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79120"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.21"
      },
      {
        "model": "cms r16",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "telepresence content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet m651 cz256a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "oceanstor s6800t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.12"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.121"
      },
      {
        "model": "digital media players series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "44000"
      },
      {
        "model": "vdi communicator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "1.0.1"
      },
      {
        "model": "color laserjet printer series q7494a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "470046.230.6"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "119000"
      },
      {
        "model": "secure analytics 2014.2r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "power ps704 blade",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7891-74x)0"
      },
      {
        "model": "storevirtual 450gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.120"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "laserjet enterprise mfp m725 cf067a 2302963 436078",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce525a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "nsx for vsphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.4"
      },
      {
        "model": "junos 13.1r3-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.24"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "big-ip edge clients for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "7101"
      },
      {
        "model": "tivoli composite application manager for transactions",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "netscaler build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.157.3"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc519a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce738a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.48"
      },
      {
        "model": "horizon workspace",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "storevirtual 600gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413012.6"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.9"
      },
      {
        "model": "ips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "espace usm v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "idp series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "laserjet enterprise p3015 ce527a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "laserjet enterprise p3015 ce526a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "13.1"
      },
      {
        "model": "storevirtual 1tb mdl sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "oncommand unified manager core package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5"
      },
      {
        "model": "tivoli netcool/system service monitor fp12",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "watson explorer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.4"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system storage ts3400 tape library",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0042"
      },
      {
        "model": "email security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.143"
      },
      {
        "model": "nexus switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "31640"
      },
      {
        "model": "laserjet m3035 multifunction printer cb415a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "messagesight server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "ive os 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 11.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fusionsphere v100r003c10spc600",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "msr93x family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.47"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.2"
      },
      {
        "model": "color laserjet multifunction printer series q7520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "telepresence advanced media gateway series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "airwave",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "7.7.12"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "tivoli workload scheduler distributed fp03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "smc2.0 v100r002c01b025sp07",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "s2700\u0026s3700 v100r006",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "espace cc v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "9250c digital sender cb472a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.293.1"
      },
      {
        "model": "protection service for email",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f secure",
        "version": "7.1"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.31"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a 2302963 436068",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "800"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.8"
      },
      {
        "model": "netezza diagnostic tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0"
      },
      {
        "model": "laserjet m4345 multifunction printer cb427a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.21"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "8.1.68.7"
      },
      {
        "model": "elan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "8.2"
      },
      {
        "model": "isoc v200r001c01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "5000"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5"
      },
      {
        "model": "ds8870",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "laserjet enterprise color m855 a2w77a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473011.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.81"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2.15"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.2.2"
      },
      {
        "model": "dgs-1500-28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "3par service processor sp-4.2.0.ga-29.p003",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s7-1500",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.6"
      },
      {
        "model": "project openssl beta4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "esight-ewl v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "hyperdp oceanstor n8500 v200r001c91",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "virtual tape library",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.70"
      },
      {
        "model": "storevirtual hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "cloud service automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.01"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "color laserjet multifunction printer series q7518a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "simatic wincc oa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.8"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "laserjet printer series q7544a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52008.241"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce502a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "oic v100r001c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.1p1.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "dgs-1210-20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "4.00.041"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "icewall sso dfw certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "laserjet enterprise m603 series ce996a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.9"
      },
      {
        "model": "cit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.2"
      },
      {
        "model": "color laserjet cp6015 q3932a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "content analysis system software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1.53"
      },
      {
        "model": "horizon workspace client for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "via for linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.0"
      },
      {
        "model": "upward integration modules for microsoft system center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.5"
      },
      {
        "model": "color laserjet printer series q5983a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "380046.80.8"
      },
      {
        "model": "junos 11.4r9-s1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rc2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "telepresence isdn link",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "sbr enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "6.10"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.23"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.6"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "4.05"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "5.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.4"
      },
      {
        "model": "storevirtual fc 900gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.19"
      },
      {
        "model": "tivoli storage productivity center fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.14"
      },
      {
        "model": "sterling connect:enterprise for unix ifix03",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7300"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "officejet enterprise color mfp b5l04a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "sterling connect:direct for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.01"
      },
      {
        "model": "snapdrive for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.5"
      },
      {
        "model": "via for linux",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.17"
      },
      {
        "model": "pulse desktop 5.0r3.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "9.3.61.5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.115"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1.2"
      },
      {
        "model": "junos 5.0r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.1"
      },
      {
        "model": "fortios build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0589"
      },
      {
        "model": "virtualization experience media engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jetdirect 620n eio card j7934g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "29.26"
      },
      {
        "model": "junos 10.0s18",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scanjet enterprise document capture workstation l2719a 2302963 436065",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8500"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.33"
      },
      {
        "model": "jabber im for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.12"
      },
      {
        "model": "small cell factory recovery root filesystem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "2.99.4"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.45"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.0.2"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.31"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "flex system enterprise chassis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8724"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.78"
      },
      {
        "model": "ftp server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cerberus",
        "version": "7.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.0"
      },
      {
        "model": "color laserjet flow m680 ca251a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x365079150"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x3-22.0.6.2.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.4"
      },
      {
        "model": "storevirtual china hybrid storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.10"
      },
      {
        "model": "espace vtm v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "spa122 ata with router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos 10.4r",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.15"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "config manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.6"
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "6.0.3"
      },
      {
        "model": "storevirtual fc 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "websphere datapower soa appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.6"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.00"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "ssl vpn 8.0r4.1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.4"
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "5.5"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "32.0"
      },
      {
        "model": "spa525 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "data ontap smi-s agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.1"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4.0.15"
      },
      {
        "model": "cp1543-1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1.1.25"
      },
      {
        "model": "laserjet m9050 multifunction printer cc395a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51.256.1"
      },
      {
        "model": "ive os 7.4r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.41"
      },
      {
        "model": "laserjet enterprise color m551 series cf081a 2302963 436083",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "advanced settings utility",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.52"
      },
      {
        "model": "msr30 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.0"
      },
      {
        "model": "color laserjet enterprise m750 d3l10a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "color laserjet cp3505 printer series cb443a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.160.2"
      },
      {
        "model": "laserjet enterprise m601 series ce990a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "oncommand workflow automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "proxysg sgos",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.2.15.6"
      },
      {
        "model": "algo audit and compliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.54"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x357087330"
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.30"
      },
      {
        "model": "utm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "9.113"
      },
      {
        "model": "espace u2980 v100r001c02",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.3.9"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3"
      },
      {
        "model": "service delivery manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.4"
      },
      {
        "model": "color laserjet printer series q7536a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "300046.80.2"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.0"
      },
      {
        "model": "identity service engine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "jsa 2014.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.2"
      },
      {
        "model": "9.2-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.177"
      },
      {
        "model": "s12700 v200r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "snapdrive for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.35"
      },
      {
        "model": "8.4-release-p11",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "oceanstor s2200t v100r005",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3950x571431.43"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "hsr6602 russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.18"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1.1"
      },
      {
        "model": "laserjet enterprise color m775 series cc524a 2302963 436079",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "s7-1500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.23"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v39.7"
      },
      {
        "model": "s2900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.10"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "9.6"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.21"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.32"
      },
      {
        "model": "email security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6"
      },
      {
        "model": "nexus series switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "datafort common criteria fc-series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "junos 11.4r7-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.20"
      },
      {
        "model": "pulse desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.38"
      },
      {
        "model": "usg5000 v300r001c10spc200",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5.1"
      },
      {
        "model": "storevirtual china hybrid san solution",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433512.0"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.1"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.9"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "message networking sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.1"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.00"
      },
      {
        "model": "chargeback manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.7.3"
      },
      {
        "model": "laserjet enterprise flow m830z mfp cf367a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "officejet enterprise color mfp b5l07a 2302963 436066",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "x585"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.0"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "power express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7500"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.5.0.15"
      },
      {
        "model": "junos 12.1x45-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet m4345 multifunction printer cb428a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.8"
      },
      {
        "model": "junos 13.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.4"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3281"
      },
      {
        "model": "color laserjet enterprise m750 d3l08a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "s5900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "esight v2r3c10spc201",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "laserjet pro m401a/d/dn/dnw/dw/n cf278a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "40020150212"
      },
      {
        "model": "ssl vpn",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "web security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.2"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.40"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.4"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.78"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.65"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "28.0.1500.95"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.5"
      },
      {
        "model": "vma",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.11"
      },
      {
        "model": "video surveillance series ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "70000"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.31"
      },
      {
        "model": "s3900 v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "adaptive security appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.8"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.1.6.3"
      },
      {
        "model": "proxyav",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "3.5.21"
      },
      {
        "model": "anyoffice emm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "huawei",
        "version": "2.6.0601.0090"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.13"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.39"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8"
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.12"
      },
      {
        "model": "color laserjet enterprise m750 d3l09a 2302963 436077",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "web security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.33"
      },
      {
        "model": "ssl for openvms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-476"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73781.42"
      },
      {
        "model": "strm/jsa 2013.2r8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.171"
      },
      {
        "model": "vcenter support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5.1"
      },
      {
        "model": "laserjet p4015 cb511a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "msr50-g2 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storevirtual 1tb mdl china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.21"
      },
      {
        "model": "exalogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x4-22.0.6.2.0"
      },
      {
        "model": "system x3550m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79461.42"
      },
      {
        "model": "usg9500 usg9500 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "tssc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.156"
      },
      {
        "model": "laserjet cm3530 multifunction printer cc520a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "53.236.1"
      },
      {
        "model": "s2750\u0026s5700\u0026s6700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "splunk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "splunk",
        "version": "4.3.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.58"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "11.16"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0"
      },
      {
        "model": "jetdirect 690n eio card j8007a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.4"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "flex system p24l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "ovf tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.17"
      },
      {
        "model": "command view server based management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.3.3"
      },
      {
        "model": "prime network services controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.18"
      },
      {
        "model": "oic v100r001c00spc402",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "documentum content server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "7.0"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.1"
      },
      {
        "model": "mysql",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.14"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.30"
      },
      {
        "model": "algo one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.7.1"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.0"
      },
      {
        "model": "s7700\u0026s9700 v200r005+v200r005hp0",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "7.3.1"
      },
      {
        "model": "9.2-releng",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "color laserjet cm6030 multifunction printer ce665a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "business server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "1x8664"
      },
      {
        "model": "vma san gateway g5.5.1.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "dsr-1000 1.09.b61",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "laserjet enterprise m603 series ce996a 2302963 436082",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "600"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "tivoli storage flashcopy manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "1.0.4"
      },
      {
        "model": "vtm v100r001c30",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos space 13.3r4.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.4.4"
      },
      {
        "model": "oceanstor s5500t v100r005c30spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "storevirtual 2tb mdl sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.5"
      },
      {
        "model": "xenclient enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.1.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "system type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x3690x571481.43"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "unified ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99510"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.1"
      },
      {
        "model": "imc uam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.8"
      },
      {
        "model": "integrated management module ii",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.86"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.24"
      },
      {
        "model": "system x3650m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "79491.42"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.213"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "espace u2980 v100r001 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "cloudburst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "laserjet enterprise m602 series ce993a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "tivoli netcool/system service monitor fp8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "watson explorer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.02"
      },
      {
        "model": "vsphere cli",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "junos 10.4r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise p3015 ce528a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.54"
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "8.4-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "rox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22.5"
      },
      {
        "model": "one-x communicator for mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "x2.0.10"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.1"
      },
      {
        "model": "idp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "junos os 13.1r4-s2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "color laserjet enterprise m750 d3l08a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "8.0"
      },
      {
        "model": "firepass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "6.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.0"
      },
      {
        "model": "system x3250m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "42521.42"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "20500"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.3.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.112"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.1.5.2"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1.0.1880"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.1.15"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.32"
      },
      {
        "model": "ape",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "2.0.2"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.43"
      },
      {
        "model": "laserjet m4345 multifunction printer cb426a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "8.4-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "telepresence ip vcr series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "msr20-1x russian version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "telepresence sx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "rational reporting for development intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "si switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55000"
      },
      {
        "model": "aura application server sip core pb26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.99"
      },
      {
        "model": "documentum content server sp1 p26",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.3"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "18.0"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.10"
      },
      {
        "model": "9.2-stable",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems director storage control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.1.1"
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.4.2.0"
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli netcool/system service monitor fp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.28"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "junos 12.1x45-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.2"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.178"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "eupp v100r001c01spc101",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "proxysg sgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.5"
      },
      {
        "model": "flex system p460 compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.76"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "ecns600 v100r003c00",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos 13.2r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "horizon view client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "storevirtual 600gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.6"
      },
      {
        "model": "proxysgos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "6.4.6.1"
      },
      {
        "model": "service manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.21"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.8.11"
      },
      {
        "model": "oceanstor s2600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ssl for openvms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.4-471"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "color laserjet enterprise cp4025 cc490a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.164.1"
      },
      {
        "model": "communicator for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "smart analytics system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5600v29.7"
      },
      {
        "model": "security information and event management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "9.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "0.9.131.0"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3"
      },
      {
        "model": "laserjet printer series q3723a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9040/90508.260.3"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.06"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3.0"
      },
      {
        "model": "3par service processor sp-4.3.0.ga-17.p000",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453012.0"
      },
      {
        "model": "color laserjet cp6015 q3935a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.27"
      },
      {
        "model": "sbr carrier 7.5.0-r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet enterprise m603 series ce994a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "junos 12.2r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "ave2000 v100r001c00sph001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.3"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.19"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2.21"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.4"
      },
      {
        "model": "laserjet enterprise m4555 mfp ce504a 2302963 436064",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 10.4r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.60"
      },
      {
        "model": "digital sender 9200c q5916a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.271.3"
      },
      {
        "model": "laserjet m3035 multifunction printer cc477a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "48.306.1"
      },
      {
        "model": "system x3620m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73761.42"
      },
      {
        "model": "switch series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v20"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "storevirtual 900gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.6"
      },
      {
        "model": "tivoli netcool/system service monitor fp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "laserjet p3005 printer series q7812a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.190.3"
      },
      {
        "model": "documentum content server sp2 p15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.7"
      },
      {
        "model": "laserjet enterprise color flow mfp m575c cd646a 2302963 436081",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.55"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "9.2-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.90"
      },
      {
        "model": "laserjet p4515 cb514a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.203.1"
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.16"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "2.0.3"
      },
      {
        "model": "10.0-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.4.13"
      },
      {
        "model": "msr4000 family",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "473012.5"
      },
      {
        "model": "system x3400m2 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "78371.42"
      },
      {
        "model": "junos 12.2r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "31005.1.21"
      },
      {
        "model": "laserjet p4014 cb506a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "big-ip edge gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.2"
      },
      {
        "model": "laserjet enterprise mfp m525f cf116a 2302963 436069",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "500"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.4"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "463012.5"
      },
      {
        "model": "financial services lending and leasing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "14.1"
      },
      {
        "model": "flex system p24l compute node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "nac appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "vpn client v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "metro ethernet series access devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "12000"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "email security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.5"
      },
      {
        "model": "eucalyptus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "eucalyptus",
        "version": "3.4.2"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p011",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.25"
      },
      {
        "model": "3par service processor sp-4.1.0.ga-97.p010",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "prime network",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "20.0.1132.20"
      },
      {
        "model": "cloudsystem foundation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.1"
      },
      {
        "model": "database and middleware automation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.01"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.30"
      },
      {
        "model": "jetdirect 635n eio card j7961g",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "41.16"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.84"
      },
      {
        "model": "storevirtual 900gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433012.5"
      },
      {
        "model": "vdi-in-a-box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.4.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.3"
      },
      {
        "model": "junos 13.3r2-s3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.36"
      },
      {
        "model": "prime infrastructure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "color laserjet multifunction printer series q7517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "400046.380.3"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "ace application control engine appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "flex system p460",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "(7895-42x)0"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "junos pulse for ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "stunnel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "stunnel",
        "version": "5.01"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.1.18"
      },
      {
        "model": "websphere datapower xml security gateway xs40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.05"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "41005.2"
      },
      {
        "model": "tivoli network manager ip edition fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.94"
      },
      {
        "model": "laserjet enterprise mfp m630 series b3g86a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.8"
      },
      {
        "model": "dsr-500n rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "color laserjet m651 cz257a 2302963 436073",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.21"
      },
      {
        "model": "color laserjet cm6040 multifunction printer q3938a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "52.256.1"
      },
      {
        "model": "netiq sslvpn server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "novell",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.45"
      },
      {
        "model": "junos space",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "11.4"
      },
      {
        "model": "ios xr software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.77"
      },
      {
        "model": "storevirtual 600gb sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "413011.5"
      },
      {
        "model": "color laserjet cp4005 printer series cb503a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "46.230.6"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.18"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.75"
      },
      {
        "model": "sparc m10-1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "nip2000\u00265000 v100r002c10spc100",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2.5"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "laserjet enterprise m603 series ce995a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.44"
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "laserjet enterprise mfp m630 series j7x28a 2303714 233000041",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "33.0.1750.166"
      },
      {
        "model": "junos 11.4r3.7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "eupp v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "open source security information management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "junos 13.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.52"
      },
      {
        "model": "dsr-500 rev. a1",
        "scope": null,
        "trust": 0.3,
        "vendor": "d link",
        "version": null
      },
      {
        "model": "guardium database activity monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.1.0"
      },
      {
        "model": "dgs-1500.20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "d link",
        "version": "2.51.005"
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "laserjet enterprise m602 series ce992a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6000"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos d15",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x45-"
      },
      {
        "model": "update manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "laserjet p2055 printer series ce457a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "20141201"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.1.5"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "idol image server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.87"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.35"
      },
      {
        "model": "system m4 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "x375087520"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.27"
      },
      {
        "model": "oceanstor s5800t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-ip wom",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "blackberry os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "10.1"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.36"
      },
      {
        "model": "jabber for mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.47"
      },
      {
        "model": "itbm standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.0.1"
      },
      {
        "model": "fortigate",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "453011.5"
      },
      {
        "model": "mcp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66000"
      },
      {
        "model": "color laserjet flow m680 cz250a 2302963 436072",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "websphere cast iron cloud integration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.32"
      },
      {
        "model": "unified series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "69000"
      },
      {
        "model": "tivoli netcool/system service monitor fp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0"
      },
      {
        "model": "one-x communicator for microsoft windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.6"
      },
      {
        "model": "host checker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos 12.2r8-s2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "scale out network attached storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.21-20"
      },
      {
        "model": "oceanstor s5600t v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.38"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "linerate",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "2.3.1"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.0.6"
      },
      {
        "model": "system x3400m3 type",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "73791.42"
      },
      {
        "model": "laserjet enterprise color m551 series cf083a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5000"
      },
      {
        "model": "big-iq security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "4.2"
      },
      {
        "model": "winscp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "winscp",
        "version": "5.1.6"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2.4"
      },
      {
        "model": "security network protection",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "51005.1.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.35"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.97"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.34"
      },
      {
        "model": "unified communications manager session management edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.22"
      },
      {
        "model": "malware analyzer g2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "4.1"
      },
      {
        "model": "video surveillance ptz ip cameras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "snapdrive for unix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "client applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.2"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "4.0.14"
      },
      {
        "model": "laserjet enterprise color mfp m880 d7p71a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security module for cisco network registar",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "color laserjet cp3525 cc470a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.183.1"
      },
      {
        "model": "sbr carrier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "8.0"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.11"
      },
      {
        "model": "big-ip gtm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.2.1"
      },
      {
        "model": "rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.2"
      },
      {
        "model": "laserjet p4014 cb512a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "open systems snapvault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "tivoli storage productivity center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.2.145"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storevirtual 450gb sas storage/s-buy",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-320"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.3.0.1"
      },
      {
        "model": "data ontap storage management initiative specification a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "chrome for android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "35.0"
      },
      {
        "model": "aura application server sip core pb16",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53002.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "idp series 5.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "s6900 v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "4.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "10.2.4"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.0.00"
      },
      {
        "model": "cloudplatform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "4.2.1"
      },
      {
        "model": "puremessage for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sophos",
        "version": "5.5.5"
      },
      {
        "model": "proventia network security controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "netscaler",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "10.1-122.17"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "21.0.1180.5"
      },
      {
        "model": "fortimail build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6170"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "1.9.4"
      },
      {
        "model": "junos 10.4r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.2"
      },
      {
        "model": "integrated management module ii",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.30"
      },
      {
        "model": "vfabric web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.3.4"
      },
      {
        "model": "dsm v100r002",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communications policy management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.1"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "laserjet enterprise m712 series cf238a 2302963 436080",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "700"
      },
      {
        "model": "big-ip analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.4.1"
      },
      {
        "model": "telepresence mx series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "insight control server deployment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "css series content services switches",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "115000"
      },
      {
        "model": "telepresence system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "500-370"
      },
      {
        "model": "tivoli workload scheduler distributed fp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.1"
      },
      {
        "model": "unified agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "1.1"
      },
      {
        "model": "oceanstor s5800t v100r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "26.0.1410.35"
      },
      {
        "model": "aura communication manager utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.3.2.10"
      },
      {
        "model": "oneview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "1.05"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "pan-os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "paloaltonetworks",
        "version": "5.0.7"
      },
      {
        "model": "rational tau",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.33"
      },
      {
        "model": "sylpheed",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sylpheed",
        "version": "0.9.5"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "web security gateway anywhere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "websense",
        "version": "7.8.3"
      },
      {
        "model": "big-ip webaccelerator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "11.3"
      },
      {
        "model": "junos space 13.3r1.9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "laserjet p4515 cb517a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.213.1"
      },
      {
        "model": "storevirtual 450gb china sas storage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "433011.5"
      },
      {
        "model": "s7700\u0026s9700 v200r001",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "9.3-beta1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "software foundation python",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "python",
        "version": "2.7"
      },
      {
        "model": "chrome os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "google",
        "version": "25.0.1364.98"
      },
      {
        "model": "laserjet enterprise color mfp m880 a2w75a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8000"
      },
      {
        "model": "security analytics platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bluecoat",
        "version": "7.1"
      },
      {
        "model": "horizon workspace server gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "1.5"
      },
      {
        "model": "laserjet enterprise p3015 ce595a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.186.1"
      },
      {
        "model": "espace usm v100r001c01",
        "scope": null,
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0m",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1h",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8za",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.45",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.1.25",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "1.16.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.13",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.2",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.8",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.29",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 0.5
  },
  "cve": "CVE-2014-0224",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0224",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0224",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-080",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0224",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. \n\nHP Connect IT / HP SPM CIT - 9.5x\n Please install: HP Connect IT 9.53.P2\n\nFor Windows\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070\n\nFor Linux\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071\n\nFor AIX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072\n\nFor HPUX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073\n\nFor Solaris\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074\n\nHP Connect IT / HP SPM CIT - 9.4x\n Please install: HP Connect IT 9.40.P1\n\nFor windows(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075\n\nFor Linux(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076\n\nFor AIX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077\n\nFor HPUX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078\n\nFor Solaris(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079\n\nHP Connect IT / HP SPM AM  5.2x\n Please install: HP Connect IT 9.41.P1\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\n remote attacker could use this issue to cause OpenSSL to crash, resulting\n in a denial of service. (CVE-2014-0221)\n  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. A remote attacker could use this issue to\n cause OpenSSL to crash, resulting in a denial of service. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2232-3\n  http://www.ubuntu.com/usn/usn-2232-1\n  https://launchpad.net/bugs/1332643\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: July 27, 2014\n     Bugs: #512506\n       ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           \u003c 1.0.1h-r1             *\u003e= 0.9.8z_p5\n                                                        *\u003e= 0.9.8z_p4\n                                                        *\u003e= 0.9.8z_p1\n                                                        *\u003e= 0.9.8z_p3\n                                                        *\u003e= 0.9.8z_p2\n                                                           *\u003e= 1.0.0m\n                                                         \u003e= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 1\n\nHPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network\nProducts including H3C and 3COM Routers and Switches running OpenSSL, Remote\nDenial of Service (DoS), Code Execution, Unauthorized Access, Modification or\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-06-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Intelligent\nManagement Center (iMC), HP Network Products including 3COM and H3C routers\nand switches running OpenSSL. The vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information\nCVE-2014-0198 Remote Unauthorized Access (only iMC impacted)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nSSRT101561\nNote: All products listed are impacted by CVE-2014-0224 . iMC is also\nimpacted by CVE-2014-0198 and CVE-2010-5298\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\nDescription\n\nThe most serious issue reported is CVE-2014-0224 and it is the one discussed\nhere. To take advantage CVE-2014-0224, an attacker must:\n\nbe in between the OpenSSL client and OpenSSL server. \nbe capable of intercepting and modifying packets between the OpenSSL client\nand OpenSSL server in real time. \n\nWorkarounds\n\nHP Networking equipment is typically deployed inside firewalls and access to\nmanagement interfaces and other protocols is more tightly controlled than in\npublic environments. This deployment and security restrictions help to reduce\nthe possibility of an attacker being able to intercept both OpenSSL client\nand OpenSSL server traffic. \n\nFollowing the guidelines in the Hardening Comware-based devices can help to\nfurther reduce man-in-the-middle opportunities:\n\nhttp://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536\n920\n\nFor an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. As an example, most\nmodern web browsers do not use the OpenSSL client and the sessions between\nthe HP Networking OpenSSL server and the non-OpenSSL client are not at risk\nfor this attack. For HP Networking Equipment that is using an OpenSSL client,\npatching the OpenSSL server will eliminate the risk of this attack. \n\nProtocol Notes\n\nThe following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\nComware V7:\n\nServer:\n\nFIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\nClient:\n\nLoad Balancing/OpenFlow/Session Initiation Protocol/State Machine Based\nAnti-Spoofing/Dynamic DNS\n\nComware V5:\n\nServer:\n\nCAPWAP/EAP/SSLVPN\n\nClient:\n\nDynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in progress\nuse mitigations\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n Fix in progress\nuse mitigations\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n Fix in progress\nuse mitigations\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\nRouter 8800\n Fix in progress\nuse mitigations\n JC147A HP A8802 Router Chassis\nJC147B HP 8802 Router Chassis\nJC148A HP A8805 Router Chassis\nJC148B HP 8805 Router Chassis\nJC149A HP A8808 Router Chassis\nJC149B HP 8808 Router Chassis\nJC150A HP A8812 Router Chassis\nJC150B HP 8812 Router Chassis\nJC141A HP 8802 Main Control Unit Module\nJC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod\nJC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod\n H3C SR8805 10G Core Router Chassis (0235A0G8)\nH3C SR8808 10G Core Router Chassis (0235A0G9)\nH3C SR8812 10G Core Router Chassis (0235A0GA)\nH3C SR8802 10G Core Router Chassis (0235A0GC)\nH3C SR8802 10G Core Router Chassis (0235A31B)\nH3C SR8805 10G Core Router Chassis (0235A31C)\nH3C SR8808 10G Core Router Chassis (0235A31D)\nH3C SR8812 10G Core Router Chassis (0235A31E)\n\n7500 Switch Series\n Fix in progress\nuse mitigations\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nA6600\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n Fix in progress\nuse mitigations\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n Fix in progress\nuse mitigations\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5900 Virtual Switch\n Fix in progress\nuse mitigations\n JG814AAE HP Virtual Switch 5900v VMware E-LTU\nJG815AAE HP VSO SW for 5900v VMware E-LTU\n\n5830 Switch Series\n Fix in progress\nuse mitigations\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n Fix in progress\nuse mitigations\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n Fix in progress\nuse mitigations\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n Fix in progress\nuse mitigations\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n Fix in progress\nuse mitigations\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n Fix in progress\nuse mitigations\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n Fix in progress\nuse mitigations\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in progress\nuse mitigations\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n Fix in progress\nuse mitigations\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n Fix in progress\nuse mitigations\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n Fix in progress\nuse mitigations\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in progress\nuse mitigations\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n Fix in progress\nuse mitigations\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n Fix in progress\nuse mitigations\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n Fix in progress\nuse mitigations\n JG315A HP 3100-48 v2 Switch\n\n1910\n Fix in progress\nuse mitigations\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293)\n3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093)\n3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893)\n3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93)\n3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n Fix in progress\nuse mitigations\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n Fix in progress\nuse mitigations\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n Fix in progress\nuse mitigations\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n Fix in progress\nuse mitigations\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n Fix in progress\nuse mitigations\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n Fix in progress\nuse mitigations\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-1X Russian version\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR30-16 Russian version\n Fix in progress\nuse mitigations\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR50 Russian version\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n Fix in progress\nuse mitigations\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR9XX Russian version\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\n H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\nH3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\n\nMSR93X\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR93X Russian version\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n Fix in progress\nuse mitigations\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n Fix in progress\nuse mitigations\n JG411A HP MSR2003 AC Router\n\nMSR3000\n Fix in progress\nuse mitigations\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n Fix in progress\nuse mitigations\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n Fix in progress\nuse mitigations\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nU200S and CS\n Fix in progress\nuse mitigations\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n Fix in progress\nuse mitigations\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n Fix in progress\nuse mitigations\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade FW\n Fix in progress\nuse mitigations\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n Fix in progress\nuse mitigations\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n Fix in progress\nuse mitigations\n JG810AAE HP VSR1001 Virtual Services Router\nJG811AAE HP VSR1001 Virtual Services Router\nJG812AAE HP VSR1004 Virtual Services Router\nJG813AAE HP VSR1008 Virtual Services Router\n\nWX5002/5004\n Fix in progress\nuse mitigations\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n Fix in progress\nuse mitigations\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n Fix in progress\nuse mitigations\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n Fix in progress\nuse mitigations\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n Fix in progress\nuse mitigations\n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.0\n Fix in progress\nuse mitigations\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.0\n Fix in progress\nuse mitigations\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\niMC PLAT 7.0\n Fix in progress\nuse mitigations\n JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG747AAE HP IMC Standard Software Platform with 50-node E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\nJD125A HP IMC Standard Edition Software Platform with 100-node License\nJD815A HP IMC Standard Edition Software Platform with 100-node License\nJD816A HP A-IMC Standard Edition Software DVD Media\nJF377A HP IMC Standard Edition Software Platform with 100-node License\nJF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU\nJF289AAE HP Enterprise Management System to Intelligent Management Center\nUpgrade E-LTU\nTJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL\nnot HPNs)\nJF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU\nJG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU\nJD126A HP A-IMC Enterprise Software Platform with 200-node License\nJD808A HP A-IMC Enterprise Software Platform with 200-node License\nJD814A HP A-IMC Enterprise Edition Software DVD Media\nJF378A HP IMC Enterprise Edition Software Platform with 200-node License\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition\nE-LTU\nJG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance\nSoftware E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq\nCtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM\n=CEL7\n-----END PGP SIGNATURE-----\n. \nOpenSSL is a 3rd party product that is embedded with some HP printer\nproducts. This bulletin notifies HP Printer customers about impacted\nproducts. To obtain the updated firmware, go to www.hp.com and follow\nthese steps:\n\nSelect \"Drivers \u0026 Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n v 2302963_436067 (or higher)\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n v 2302963_436070 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n v 2302963_436077 (or higher)\n\nHP Color LaserJet M651\n CZ255A, CZ256A, CZ257A, CZ258A\n v 2302963_436073 (or higher)\n\nHP Color LaserJet M680\n CZ248A, CZ249A\n v 2302963_436072 (or higher)\n\nHP Color LaserJet Flow M680\n CZ250A, CA251A\n v 2302963_436072 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise 600 M601 Series\n CE989A, CE990A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M602 Series\n CE991A, CE992A, CE993A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M603 Series\n CE994A, CE995A, CE996A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise MFP M630 series\n B3G84A, B3G85A, B3G86A, J7X28A\n v 2303714_233000041 (or higher)\n\nHP LaserJet Enterprise 700 color M775 series\n CC522A, CC523A, CC524A, CF304A\n v 2302963_436079 (or higher)\n\nHP LaserJet Enterprise 700 M712 series\n CF235A, CF236A, CF238A\n v 2302963_436080 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n v 2302963_436076 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n v 2302963_436068 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n v 2302963_436083 (or higher)\n\nHP LaserJet Enterprise color flow MFP M575c\n CD646A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n v 2302963_436071 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE502A,CE503A, CE504A, CE738A\n v 2302963_436064 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n v 2302963_436075 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n v 2302963_436078 (or higher)\n\nHP Scanjet Enterprise 8500 Document Capture Workstation\n L2717A, L2719A\n v 2302963_436065 (or higher)\n\nOfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n v 2302963_436066 (or higher)\n\nOfficeJet Enterprise Color X555\n C2S11A, C2S12A\n v 2302963_436074 (or higher)\n\nHP Color LaserJet CP3525\n CC468A, CC469A, CC470A, CC471A\n v 06.183.1 (or higher)\n\nHP LaserJet M4345 Multifunction Printer\n CB425A, CB426A, CB427A, CB428A\n v 48.306.1 (or higher)\n\nHP LaserJet M5025 Multifunction Printer\n Q7840A\n v 48.306.1 (or higher)\n\nHP Color LaserJet CM6040 Multifunction Printer\n Q3938A, Q3939A\n v 52.256.1 (or higher)\n\nHP Color LaserJet Enterprise CP4525\n CC493A, CC494A, CC495A\n v 07.164.1 (or higher)\n\nHP Color LaserJet Enterprise CP4025\n CC489A, CC490A\n v 07.164.1 (or higher)\n\nHP LaserJet M5035 Multifunction Printer\n Q7829A, Q7830A, Q7831A\n v 48.306.1 (or higher)\n\nHP LaserJet M9050 Multifunction Printer\n CC395A\n v 51.256.1 (or higher)\n\nHP LaserJet M9040 Multifunction Printer\n CC394A\n v 51.256.1 (or higher)\n\nHP Color LaserJet CM4730 Multifunction Printer\n CB480A, CB481A, CB482A, CB483A\n v 50.286.1 (or higher)\n\nHP LaserJet M3035 Multifunction Printer\n CB414A, CB415A, CC476A, CC477A\n v 48.306.1 (or higher)\n\nHP 9250c Digital Sender\n CB472A\n v 48.293.1 (or higher)\n\nHP LaserJet Enterprise P3015\n CE525A,CE526A,CE527A,CE528A,CE595A\n v 07.186.1 (or higher)\n\nHP LaserJet M3027 Multifunction Printer\n CB416A, CC479A\n v 48.306.1 (or higher)\n\nHP LaserJet CM3530 Multifunction Printer\n CC519A, CC520A\n v 53.236.1 (or higher)\n\nHP Color LaserJet CP6015\n Q3931A, Q3932A, Q3933A, Q3934A, Q3935A\n v 04.203.1 (or higher)\n\nHP LaserJet P4515\n CB514A,CB515A, CB516A, CB517A\n v 04.213.1 (or higher)\n\nHP Color LaserJet CM6030 Multifunction Printer\n CE664A, CE665A\n v 52.256.1 (or higher)\n\nHP LaserJet P4015\n CB509A, CB526A, CB511A, CB510A\n v 04.213.1 (or higher)\n\nHP LaserJet P4014\n CB507A, CB506A, CB512A\n v 04.213.1 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 22 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10629",
        "trust": 1.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#978508",
        "trust": 1.9
      },
      {
        "db": "MCAFEE",
        "id": "SB10075",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "59824",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59310",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59380",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59661",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59162",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59666",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59191",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59188",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60176",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59375",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59101",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59441",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59163",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59142",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59126",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59186",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60567",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59189",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59437",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59445",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58639",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59282",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59132",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59506",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59383",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59135",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59342",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59659",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59364",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58492",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60066",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58337",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60571",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59192",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58667",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59223",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59004",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59459",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59990",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59214",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59338",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59438",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59429",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59287",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60577",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59530",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59448",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58759",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59012",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59894",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59175",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59055",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59669",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59368",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59518",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58714",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58716",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60049",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59043",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59655",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59878",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59370",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59449",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59435",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59491",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59495",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59514",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59120",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58579",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59721",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59529",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59284",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59389",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58745",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59167",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58128",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58977",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59442",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59040",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58939",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59784",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59093",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59454",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59885",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58660",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59460",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59354",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58743",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59362",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58945",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59446",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59602",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59305",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58433",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59502",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59374",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59264",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59528",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58713",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59325",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59450",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58385",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60819",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59525",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59490",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59231",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59365",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61254",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59301",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59440",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59202",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59451",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59190",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59447",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59589",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "60522",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58742",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59677",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59300",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59306",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "61815",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59413",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59483",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59063",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58719",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59444",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59211",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59827",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59215",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59347",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58930",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59916",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "58615",
        "trust": 1.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-234763",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031594",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1031032",
        "trust": 1.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4645",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24443",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080",
        "trust": 0.6
      },
      {
        "db": "DLINK",
        "id": "SAP10045",
        "trust": 0.3
      },
      {
        "db": "DLINK",
        "id": "SAP10046",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10643",
        "trust": 0.3
      },
      {
        "db": "JUNIPER",
        "id": "JSA10659",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-094-04",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03F",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03G",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03B",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03C",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-198-03D",
        "trust": 0.3
      },
      {
        "db": "JVN",
        "id": "JVN61247051",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "67899",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0224",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127936",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127166",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127630",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127422",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127403",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127190",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "128345",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "id": "VAR-201406-0445",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.4594171644
  },
  "last_update_date": "2024-07-23T21:30:24.345000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.1h",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081"
      },
      {
        "title": "openssl-1.0.0m",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080"
      },
      {
        "title": "openssl-0.9.8za",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-351",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-351"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d0eef6c81e529a1b8e4ea4b72eaef4d0"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-350",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-350"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=b92b65104373bc8476811ff1b99cd369"
      },
      {
        "title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=a7d1e620ea07a6fd4d3ec24012763337"
      },
      {
        "title": "Red Hat: CVE-2014-0224",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2014-0224"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-3"
      },
      {
        "title": "HP: HPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=hpsbpi03107"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-4"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-1"
      },
      {
        "title": "Ubuntu Security Notice: openssl regression",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2232-2"
      },
      {
        "title": "Debian Security Advisories: DSA-2950-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=909292f2afe623fbec51f7ab6b32f790"
      },
      {
        "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6"
      },
      {
        "title": "Tenable Security Advisories: [R8] Tenable Products Affected by OpenSSL \u0027CCS Injection\u0027 Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2014-03"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2014-349",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349"
      },
      {
        "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60"
      },
      {
        "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201"
      },
      {
        "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2014-0224 "
      },
      {
        "title": "crochet-technologies",
        "trust": 0.1,
        "url": "https://github.com/crochet-technology/crochet-technologies "
      },
      {
        "title": "openssl-ccs-cve-2014-0224",
        "trust": 0.1,
        "url": "https://github.com/ssllabs/openssl-ccs-cve-2014-0224 "
      },
      {
        "title": "android-development-best-practices",
        "trust": 0.1,
        "url": "https://github.com/niharika2810/android-development-best-practices "
      },
      {
        "title": "ssl-grader",
        "trust": 0.1,
        "url": "https://github.com/sslyze410-sslgrader-wciphersuite-info/ssl-grader "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/dtarnawsky/capacitor-plugin-security-provider "
      },
      {
        "title": "qualysparser",
        "trust": 0.1,
        "url": "https://github.com/pr4jwal/qualysparser "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/wanderwille/13.01 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://support.citrix.com/article/ctx140876"
      },
      {
        "trust": 2.5,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html"
      },
      {
        "trust": 2.2,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676615"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 2.2,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
      },
      {
        "trust": 2.2,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 2.2,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783"
      },
      {
        "trust": 2.0,
        "url": "http://www.openssl.org/news/secadv_20140605.txt"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29217"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1"
      },
      {
        "trust": 1.9,
        "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678233"
      },
      {
        "trust": 1.9,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195"
      },
      {
        "trust": 1.9,
        "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html"
      },
      {
        "trust": 1.9,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-6"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037730"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037727"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676833"
      },
      {
        "trust": 1.9,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80"
      },
      {
        "trust": 1.9,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075"
      },
      {
        "trust": 1.9,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/"
      },
      {
        "trust": 1.9,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020172"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675626"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0630.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0631.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0633.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0632.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0627.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0680.html"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676644"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836"
      },
      {
        "trust": 1.9,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095740"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676501"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677131"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676496"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676478"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037731"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037732"
      },
      {
        "trust": 1.9,
        "url": "http://www.kb.cert.org/vuls/id/978508"
      },
      {
        "trust": 1.7,
        "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml"
      },
      {
        "trust": 1.6,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59661"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59301"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59300"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59784"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59413"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59655"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60522"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59659"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383465822787\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://access.redhat.com/site/blogs/766093/posts/908133"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140784085708882\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59310"
      },
      {
        "trust": 1.6,
        "url": "http://linux.oracle.com/errata/elsa-2014-1053.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59666"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58337"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58579"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59305"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59306"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59669"
      },
      {
        "trust": 1.6,
        "url": "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59429"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676334"
      },
      {
        "trust": 1.6,
        "url": "http://ccsinjection.lepidum.co.jp"
      },
      {
        "trust": 1.6,
        "url": "http://support.apple.com/kb/ht6443"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852757108392\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6061\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58667"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59514"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59878"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59518"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140870499402361\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.blackberry.com/btsc/kb36051"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60066"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141025641601169\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140386311427810\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59093"
      },
      {
        "trust": 1.6,
        "url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140369637402535\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59530"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59894"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/jun/38"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58433"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59885"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59525"
      },
      {
        "trust": 1.6,
        "url": "https://filezilla-project.org/versions.php?type=server"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141147110427269\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677567"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59529"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_mssql.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59528"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59063"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141383410222440\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59186"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59189"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61815"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140604261522465\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59188"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60049"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/61254"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59190"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59192"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59191"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59990"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58660"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59502"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60176"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59040"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59282"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59284"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59162"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59043"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59167"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59287"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58742"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676845"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58743"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58745"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0624.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.imperialviolet.org/2014/06/05/earlyccs.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59055"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59175"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140794476212181\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59721"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59602"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58759"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58639"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=6060\u0026myns=phmc\u0026mync=e"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142350350616251\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031032"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59380"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59383"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59264"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59142"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0626.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59389"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140983229106599\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.splunk.com/view/sp-caaam2d"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677390"
      },
      {
        "trust": 1.6,
        "url": "http://www.kerio.com/support/kerio-control/release-history"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60819"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 1.6,
        "url": "http://seclists.org/fulldisclosure/2014/dec/23"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58977"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59824"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58615"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103586"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59827"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
      },
      {
        "trust": 1.6,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59120"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59362"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59483"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59365"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59364"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59004"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58945"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59916"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
      },
      {
        "trust": 1.6,
        "url": "http://esupport.trendmicro.com/solution/en-us/1103813.aspx"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61506"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59370"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59491"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59490"
      },
      {
        "trust": 1.6,
        "url": "http://puppetlabs.com/security/cve/cve-2014-0224"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59132"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59374"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59495"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59012"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59375"
      },
      {
        "trust": 1.6,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015300"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140499864129699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59135"
      },
      {
        "trust": 1.6,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142805027510172\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59126"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59368"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58713"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58714"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58716"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58719"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1031594"
      },
      {
        "trust": 1.6,
        "url": "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58492"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59460"
      },
      {
        "trust": 1.6,
        "url": "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_windows.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59101"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59342"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59223"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59215"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60567"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59214"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58128"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59338"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59459"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=142546741516006\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59231"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59354"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58385"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59347"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59589"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60577"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140852826008699\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58930"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037761"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=141164638606214\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://discussions.nessus.org/thread/7517"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/58939"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/60571"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59440"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59442"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59441"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59202"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59444"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59435"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59677"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59437"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037870"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59438"
      },
      {
        "trust": 1.6,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "https://www.novell.com/support/kb/doc.php?id=7015271"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59451"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59450"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59211"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=bugtraq\u0026m=140672208601650\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59454"
      },
      {
        "trust": 1.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59325"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59446"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59445"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59448"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59447"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59449"
      },
      {
        "trust": 1.0,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224"
      },
      {
        "trust": 0.6,
        "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24443"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.5,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.5,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032618"
      },
      {
        "trust": 0.3,
        "url": "http://www.sophos.com/en-us/support/knowledgebase/121112.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://sylpheed.sraoss.jp/en/news.html"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/support/alerts/aid-06062014.txt"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/"
      },
      {
        "trust": 0.3,
        "url": "http://bugs.python.org/issue21671"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004805"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04438404"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687640"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678123"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678073"
      },
      {
        "trust": 0.3,
        "url": "http://www.websense.com/support/article/kbarticle/july-2014-hotfix-summary-for-websense-solutions"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://jvn.jp/en/jp/jvn61247051/index.html"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181245"
      },
      {
        "trust": 0.3,
        "url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140606_001_en.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004758"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004747"
      },
      {
        "trust": 0.3,
        "url": "http://openvpn.net/index.php/open-source/downloads.html"
      },
      {
        "trust": 0.3,
        "url": "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583"
      },
      {
        "trust": 0.3,
        "url": "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685551"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/"
      },
      {
        "trust": 0.3,
        "url": "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/16/utm-up2date-9-113-released/"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.sophos.com/2014/06/18/utm-up2date-9-203-released/"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404764"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04385138"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181099"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101007404"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100180978"
      },
      {
        "trust": 0.3,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/21"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/mar/9"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10659"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181096"
      },
      {
        "trust": 0.3,
        "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678040"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1it02314"
      },
      {
        "trust": 0.3,
        "url": "http://kb.parallels.com/en/121916"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24036409"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032650#5.0.0.15"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032651"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034955"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020948"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401858"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04397114"
      },
      {
        "trust": 0.3,
        "url": " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505"
      },
      {
        "trust": 0.3,
        "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347711"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04351097"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368546"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04370307"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04392919"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398968"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401666"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04451722"
      },
      {
        "trust": 0.3,
        "url": "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04406535-1%257cdoclocale%253d%"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04425253"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595094"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001840"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181215"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24037729"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678413"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680706,swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676673"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678660"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680439,swg21680673,swg21680546"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677891"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676536"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095910"
      },
      {
        "trust": 0.3,
        "url": "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.novell.com/support/kb/doc.php?id=7015158"
      },
      {
        "trust": 0.3,
        "url": "http://securityadvisories.paloaltonetworks.com/home/detail/23?aspxautodetectcookiesupport=1"
      },
      {
        "trust": 0.3,
        "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:14.openssl.asc"
      },
      {
        "trust": 0.3,
        "url": "https://bto.bluecoat.com/security-advisory/sa80"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181079"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/100181566"
      },
      {
        "trust": 0.3,
        "url": "https://library.netapp.com/ecm/ecm_get_file/ecmp1636026"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676276"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676786"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html"
      },
      {
        "trust": 0.3,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0629.html"
      },
      {
        "trust": 0.3,
        "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676793"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676840"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677225"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682398"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095738"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21683336"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682023"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021064"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682026"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682024"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21677080"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676877"
      },
      {
        "trust": 0.3,
        "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004678"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004824"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004690"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676542"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676543"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004744"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676333"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678289"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676708"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676505"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987"
      },
      {
        "trust": 0.3,
        "url": "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update-for-chrome-os.html"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001842"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001839"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004821"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004670"
      },
      {
        "trust": 0.3,
        "url": "www-01.ibm.com/support/docview.wss?uid=ssg1s1004671"
      },
      {
        "trust": 0.3,
        "url": "http://www.ubuntu.com/usn/usn-2232-4/"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://winscp.net/eng/docs/history#5.5.4"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00073"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00074"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00070"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00076"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00079"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00071"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00075"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00078"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00072"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00077"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-3"
      },
      {
        "trust": 0.1,
        "url": "http://www.ubuntu.com/usn/usn-2232-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/bugs/1332643"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01028458"
      },
      {
        "trust": 0.1,
        "url": "http://support.openview.hp.com/selfsolve/document/km01020441"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=c03536"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "db": "BID",
        "id": "67899"
      },
      {
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-06-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2014-06-05T00:00:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2014-08-20T15:18:26",
        "db": "PACKETSTORM",
        "id": "127936"
      },
      {
        "date": "2014-06-24T00:52:51",
        "db": "PACKETSTORM",
        "id": "127166"
      },
      {
        "date": "2014-07-28T20:36:25",
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "date": "2014-07-11T21:05:34",
        "db": "PACKETSTORM",
        "id": "127422"
      },
      {
        "date": "2014-07-09T17:11:19",
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "date": "2014-06-24T01:45:14",
        "db": "PACKETSTORM",
        "id": "127190"
      },
      {
        "date": "2014-09-22T16:56:00",
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "date": "2014-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2014-06-05T21:55:07.817000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0224"
      },
      {
        "date": "2017-10-19T03:03:00",
        "db": "BID",
        "id": "67899"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      },
      {
        "date": "2023-11-07T02:18:13.190000",
        "db": "NVD",
        "id": "CVE-2014-0224"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "127630"
      },
      {
        "db": "PACKETSTORM",
        "id": "127403"
      },
      {
        "db": "PACKETSTORM",
        "id": "128345"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL Encryption problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-080"
      }
    ],
    "trust": 0.6
  }
}

var-201702-0119
Vulnerability from variot

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. FortiManager is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A security vulnerability exists in Fortinet FortiManager due to the program not properly validating TLS certificates

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0119",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.6 to  5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.0 to  5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "96157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AirBus security team",
    "sources": [
      {
        "db": "BID",
        "id": "96157"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8495",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-8495",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-97315",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-8495",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8495",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-474",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97315",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature. FortiManager  is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. \nFortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A security vulnerability exists in Fortinet FortiManager due to the program not properly validating TLS certificates",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "BID",
        "id": "96157"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8495",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "96157",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1037805",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-97315",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "db": "BID",
        "id": "96157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "id": "VAR-201702-0119",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:04:41.214000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager TLS certificate validation failure",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-16-055"
      },
      {
        "title": "Fortinet FortiManager Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67763"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/advisory/fg-ir-16-055"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/96157"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037805"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8495"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8495"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "db": "BID",
        "id": "96157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "db": "BID",
        "id": "96157"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "date": "2017-02-08T00:00:00",
        "db": "BID",
        "id": "96157"
      },
      {
        "date": "2017-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "date": "2017-02-13T15:59:00.167000",
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "date": "2017-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97315"
      },
      {
        "date": "2017-03-07T10:02:00",
        "db": "BID",
        "id": "96157"
      },
      {
        "date": "2017-03-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      },
      {
        "date": "2017-07-25T01:29:03.357000",
        "db": "NVD",
        "id": "CVE-2016-8495"
      },
      {
        "date": "2017-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerabilities in authentication information incomplete",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007804"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-474"
      }
    ],
    "trust": 0.6
  }
}

var-202108-0658
Vulnerability from variot

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. FortiManager and FortiAnalyser GUI Contains a server-side request forgery vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-0658",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.7  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "5.6.11  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.5  and earlier"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.11  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      }
    ]
  },
  "cve": "CVE-2021-32603",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-32603",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-392575",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-32603",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32603",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-32603",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-335",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-392575",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32603",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. FortiManager and  FortiAnalyser GUI Contains a server-side request forgery vulnerability.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32603",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080318",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-392575",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "id": "VAR-202108-0658",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:01:01.296000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-050",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-050"
      },
      {
        "title": "Fortinet FortiManager  and  Fortinet FortiAnalyzer Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=159847"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-918",
        "trust": 1.1
      },
      {
        "problemtype": "Server-side request forgery (CWE-918) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-050"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32603"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-file-reading-via-dispatcher-socket-parameters-36040"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080318"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/918.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "date": "2021-08-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "date": "2022-05-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "date": "2021-08-05T11:15:07.510000",
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-392575"
      },
      {
        "date": "2021-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32603"
      },
      {
        "date": "2022-05-18T02:45:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      },
      {
        "date": "2021-08-12T19:32:02.637000",
        "db": "NVD",
        "id": "CVE-2021-32603"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-335"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 and \u00a0FortiAnalyser\u00a0GUI\u00a0 Server-side Request Forgery Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-009723"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201608-0287
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Multiple Fortinet Products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Both Fortinet FortiAnalyzer and FortiManager are products of Fortinet. The former is a centralized network security reporting solution, and the latter is a centralized network security management solution. A cross-site scripting vulnerability exists in Fortinet FortiAnalyzer 5.x prior to 5.2.6 and FortiManager 5.x prior to 5.2.6

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0287",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimom-vm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortimanager virtual appliances",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortimanager 400c",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 400b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 400a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 4000e",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 4000d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 3900e",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 300d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 3000c",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 200d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 1000d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager 1000c",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "100"
      },
      {
        "model": "fortianalyzer vm gb500",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm gb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm gb25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm gb2000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm gb100",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm gb1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer vm base",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "fortianalyzer 3900e",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 3500e",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 300d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 3000e",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 200d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 2000b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer 1000d",
        "scope": null,
        "trust": 0.3,
        "vendor": "fortinet",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marco Onorati",
    "sources": [
      {
        "db": "BID",
        "id": "92203"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-3196",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3196",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-92015",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-3196",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3196",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-095",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92015",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section. Multiple Fortinet Products are prone to a security-bypass vulnerability. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized  actions. This may aid in further attacks. Both Fortinet FortiAnalyzer and FortiManager are products of Fortinet. The former is a centralized network security reporting solution, and the latter is a centralized network security management solution. A cross-site scripting vulnerability exists in Fortinet FortiAnalyzer 5.x prior to 5.2.6 and FortiManager 5.x prior to 5.2.6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "BID",
        "id": "92203"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3196",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "92203",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1036550",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036551",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-92015",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "db": "BID",
        "id": "92203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "id": "VAR-201608-0287",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:44.907000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager and FortiAnalyzer Persistent XSS vulnerability",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
      },
      {
        "title": "Fortinet FortiAnalyzer  and FortiManager Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63487"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability"
      },
      {
        "trust": 1.4,
        "url": "http://seclists.org/fulldisclosure/2016/aug/4"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/92203"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/539069/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vulnerability-lab.com/get_content.php?id=1687"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036550"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036551"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3196"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3196"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "db": "BID",
        "id": "92203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "db": "BID",
        "id": "92203"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92203"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "date": "2016-08-05T14:59:06.547000",
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92015"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "BID",
        "id": "92203"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      },
      {
        "date": "2018-10-09T19:59:48.130000",
        "db": "NVD",
        "id": "CVE-2016-3196"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAnalyzer and  FortiManager Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004160"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-095"
      }
    ],
    "trust": 0.6
  }
}

var-201410-0764
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0764",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oded Vanunu \u0026 Adi Volkovitz, Check Point Security Research Team.",
    "sources": [
      {
        "db": "BID",
        "id": "70889"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2336",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-2336",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-70275",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2336",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1440",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70275",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "BID",
        "id": "70889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2336",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "70889",
        "trust": 1.4
      },
      {
        "db": "SECUNIA",
        "id": "61309",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-70275",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "db": "BID",
        "id": "70889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "id": "VAR-201410-0764",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:07:54.564000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-033/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-033/"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/70889"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61309"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2336"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2336"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortianalyzer/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "db": "BID",
        "id": "70889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "db": "BID",
        "id": "70889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "date": "2014-11-03T00:00:00",
        "db": "BID",
        "id": "70889"
      },
      {
        "date": "2014-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "date": "2014-10-31T14:55:02.907000",
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "date": "2014-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70275"
      },
      {
        "date": "2014-11-03T00:00:00",
        "db": "BID",
        "id": "70889"
      },
      {
        "date": "2014-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      },
      {
        "date": "2017-08-29T01:34:30.890000",
        "db": "NVD",
        "id": "CVE-2014-2336"
      },
      {
        "date": "2014-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer of  Web User Interface cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005170"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1440"
      }
    ],
    "trust": 0.6
  }
}

var-201608-0285
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, FortiAnalyzer 5.x prior to 5.0.13, 5.2.x prior to 5.2.6

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0285",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "92456"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-3194",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3194",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-92013",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-3194",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3194",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-295",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92013",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, FortiAnalyzer 5.x prior to 5.0.13, 5.2.x prior to 5.2.6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "BID",
        "id": "92456"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3194",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92456",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036550",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92013",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "db": "BID",
        "id": "92456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "id": "VAR-201608-0285",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:44.968000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager and FortiAnalyzer XSS vulnerability",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63665"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92456"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036550"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3194"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3194"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "db": "BID",
        "id": "92456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "db": "BID",
        "id": "92456"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92456"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "date": "2016-08-19T21:59:06.430000",
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "date": "2016-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92013"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92456"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      },
      {
        "date": "2017-08-16T01:29:06.930000",
        "db": "NVD",
        "id": "CVE-2016-3194"
      },
      {
        "date": "2016-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer Cross-site scripting vulnerability in the add address page",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004419"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-295"
      }
    ],
    "trust": 0.6
  }
}

var-201608-0286
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, FortiAnalyzer 5.x prior to 5.0.13, 5.2.x prior to 5.2.6

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0286",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability Lab.",
    "sources": [
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-3195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3195",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-92014",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-3195",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-296",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92014",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, FortiAnalyzer 5.x prior to 5.0.13, 5.2.x prior to 5.2.6",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3195",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92453",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036550",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92014",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "id": "VAR-201608-0286",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:44.937000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager and FortiAnalyzer Client Side XSS vulnerability",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63666"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92453"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036550"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3195"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3195"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "db": "BID",
        "id": "92453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92453"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "date": "2016-08-19T21:59:07.430000",
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "date": "2016-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92014"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92453"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      },
      {
        "date": "2017-08-16T01:29:06.993000",
        "db": "NVD",
        "id": "CVE-2016-3195"
      },
      {
        "date": "2016-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer of  Web-UI Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004420"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-296"
      }
    ],
    "trust": 0.6
  }
}

var-202209-0222
Vulnerability from variot

An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. fortinet's FortiAnalyzer and FortiManager Exists in unspecified vulnerabilities.Information may be obtained

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-0222",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.10"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.2.0  to  6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.0.0  to  6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "7.0.0  to  7.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  to  6.4.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.3",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.12",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.10",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "cve": "CVE-2022-38377",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.7,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-38377",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-38377",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-38377",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-247",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. fortinet\u0027s FortiAnalyzer and FortiManager Exists in unspecified vulnerabilities.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-38377",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-434171",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "id": "VAR-202209-0222",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:36:44.605000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-143",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-20-143"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/psirt/fg-ir-20-143"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38377"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-information-disclosure-via-adom-39196"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-38377/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2023-11-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "date": "2022-11-25T16:15:10.747000",
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2022-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434171"
      },
      {
        "date": "2022-11-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2023-11-27T01:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      },
      {
        "date": "2023-11-07T03:50:06.800000",
        "db": "NVD",
        "id": "CVE-2022-38377"
      },
      {
        "date": "2022-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "fortinet\u0027s \u00a0FortiAnalyzer\u00a0 and \u00a0FortiManager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-023038"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-247"
      }
    ],
    "trust": 0.6
  }
}

var-201806-0786
Vulnerability from variot

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. Fortinet FortiManager and FortiAnalyzer Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. The following products and versions are vulnerable: FortiAnalyzer 6.0.0 and prior FortiManager 6.0.0 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. An open redirection vulnerability exists in Fortinet FortiManager 6.0.0 and earlier and FortiAnalyzer 6.0.0 and earlier. An attacker could exploit this vulnerability to inject script code by conducting a social engineering attack

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0786",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Donato Onofri, Luca Napolitano and Francesca Perrone of Business Integration Partners S.p.A.",
    "sources": [
      {
        "db": "BID",
        "id": "104546"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1355",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1355",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-123620",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-1355",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1355",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-1346",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123620",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1355",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.  An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. Fortinet FortiManager and FortiAnalyzer Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. \nAn attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nThe following products and versions are vulnerable:\nFortiAnalyzer 6.0.0 and prior\nFortiManager 6.0.0 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. An open redirection vulnerability exists in Fortinet FortiManager 6.0.0 and earlier and FortiAnalyzer 6.0.0 and earlier. An attacker could exploit this vulnerability to inject script code by conducting a social engineering attack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "BID",
        "id": "104546"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1355",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "104546",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1041185",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1041184",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-123620",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "db": "BID",
        "id": "104546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "id": "VAR-201806-0786",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:01:12.782000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-022",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-022"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81605"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/0xcybery/cve-t4pdf "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/104546"
      },
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-18-022"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041184"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1041185"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1355"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1355"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortianalyzer/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-022"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/601.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/0xcybery/cve-t4pdf"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "db": "BID",
        "id": "104546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "db": "BID",
        "id": "104546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104546"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "date": "2018-06-27T20:29:04.933000",
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "date": "2018-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123620"
      },
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1355"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104546"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      },
      {
        "date": "2019-03-08T13:46:47.527000",
        "db": "NVD",
        "id": "CVE-2018-1355"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer Open redirect vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007121"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1346"
      }
    ],
    "trust": 0.6
  }
}

var-202109-0398
Vulnerability from variot

An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. FortiManager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0398",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "6.4.0  to  6.4.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.4",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      }
    ]
  },
  "cve": "CVE-2021-24006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-24006",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-382724",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-24006",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-24006",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-24006",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-359",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-382724",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-24006",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL. FortiManager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-24006",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080317",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-382724",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "id": "VAR-202109-0398",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:49:29.418000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-20-061",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-20-061"
      },
      {
        "title": "Fortinet FortiManager Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158605"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "others (CWE-Other) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://fortiguard.com/advisory/fg-ir-20-061"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-24006"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080317"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-privilege-escalation-via-sd-wan-orchestrator-panel-36037"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "date": "2021-09-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "date": "2022-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "date": "2021-09-06T19:15:07.427000",
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-382724"
      },
      {
        "date": "2021-09-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-24006"
      },
      {
        "date": "2022-07-08T05:24:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      },
      {
        "date": "2022-06-28T14:11:45.273000",
        "db": "NVD",
        "id": "CVE-2021-24006"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-359"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-010804"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201809-0238
Vulnerability from variot

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiManager is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Versions prior to FortiManager 6.0.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0238",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yasar Calay, Beyaz Bilgisayar Danismanlik Hizmetleri",
    "sources": [
      {
        "db": "BID",
        "id": "105428"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1353",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1353",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-123598",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-1353",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1353",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-228",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123598",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. Fortinet FortiManager Contains an information disclosure vulnerability.Information may be obtained. Fortinet FortiManager is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nVersions prior to FortiManager 6.0.1 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "BID",
        "id": "105428"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1353",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "105428",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-123598",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "db": "BID",
        "id": "105428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "id": "VAR-201809-0238",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:35.148000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-016",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-18-016"
      },
      {
        "title": "Fortinet FortiManager Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84559"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-016"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1353"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1353"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-016"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "db": "BID",
        "id": "105428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "db": "BID",
        "id": "105428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "date": "2018-08-27T00:00:00",
        "db": "BID",
        "id": "105428"
      },
      {
        "date": "2018-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "date": "2018-09-05T13:29:00.230000",
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123598"
      },
      {
        "date": "2018-08-27T00:00:00",
        "db": "BID",
        "id": "105428"
      },
      {
        "date": "2018-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      },
      {
        "date": "2018-10-25T17:09:11.457000",
        "db": "NVD",
        "id": "CVE-2018-1353"
      },
      {
        "date": "2018-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-009414"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-228"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0483
Vulnerability from variot

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c05157667

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05157667 Version: 1

HPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware, Remote Denial of Service (DoS), Disclosure of Information, Cross-Site Request Forgery (CSRF)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-06-01 Last Updated: 2016-06-01

Potential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial of Service (DoS), Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include:

The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF).

References:

CVE-2016-0800 CVE-2016-0799 CVE-2016-2842 CVE-2015-1789 CVE-2015-1791 CVE-2015-3194 CVE-2015-0705 CVE-2015-5600 CVE-2014-3566 CVE-2008-5161 SSRT102281

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The following firmware versions of Virtual Connect (VC) are impacted:

HPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45 HPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21

Note: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800, CVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and CVE-2016-2842.

The following products run the impacted versions of Virtual Connect (VC) firmware:

HPE VC Flex-10 10Gb Enet Module HPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem HPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem HPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2016-0800 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-3194 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2014-3566 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2008-5161 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6 CVE-2015-0705 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2016-0799 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2016-2842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2015-5600 (AV:N/AC:L/Au:N/C:P/I:N/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HPE has provided an updated version of the BladeSystem c-Class Virtual Connect (VC) firmware to address these vulnerabilities.

HPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50

The update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public /detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d

HISTORY Version:1 (rev.1) - 1 June 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:2617-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2617.html Issue date: 2015-12-14 CVE Names: CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 =====================================================================

  1. Summary:

Updated openssl packages that fix three security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-1.0.1e-42.el6_7.1.ppc.rpm openssl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc.rpm openssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-1.0.1e-42.el6_7.1.s390.rpm openssl-1.0.1e-42.el6_7.1.s390x.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-devel-1.0.1e-42.el6_7.1.s390.rpm openssl-devel-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm openssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm openssl-static-1.0.1e-42.el6_7.1.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm openssl-perl-1.0.1e-42.el6_7.1.s390x.rpm openssl-static-1.0.1e-42.el6_7.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-42.el6_7.1.src.rpm

i386: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-1.0.1e-42.el6_7.1.i686.rpm openssl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-devel-1.0.1e-42.el6_7.1.i686.rpm openssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm openssl-perl-1.0.1e-42.el6_7.1.i686.rpm openssl-static-1.0.1e-42.el6_7.1.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm openssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm openssl-static-1.0.1e-42.el6_7.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

aarch64: openssl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm openssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-1.0.1e-51.el7_2.1.s390x.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-devel-1.0.1e-51.el7_2.1.s390.rpm openssl-devel-1.0.1e-51.el7_2.1.s390x.rpm openssl-libs-1.0.1e-51.el7_2.1.s390.rpm openssl-libs-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64: openssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm openssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm openssl-static-1.0.1e-51.el7_2.1.aarch64.rpm

ppc64: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm openssl-static-1.0.1e-51.el7_2.1.ppc.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64.rpm

ppc64le: openssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm openssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm

s390x: openssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm openssl-perl-1.0.1e-51.el7_2.1.s390x.rpm openssl-static-1.0.1e-51.el7_2.1.s390.rpm openssl-static-1.0.1e-51.el7_2.1.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-51.el7_2.1.src.rpm

x86_64: openssl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-devel-1.0.1e-51.el7_2.1.i686.rpm openssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm openssl-libs-1.0.1e-51.el7_2.1.i686.rpm openssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm openssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm openssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm openssl-static-1.0.1e-51.el7_2.1.i686.rpm openssl-static-1.0.1e-51.el7_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3194 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-3196 https://access.redhat.com/security/updates/classification/#moderate https://openssl.org/news/secadv/20151203.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4 dpIS/iR9oiOKMXJY5t447ME= =qvLr -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). For more information, see: https://openssl.org/news/secadv_20151203.txt https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196 ( Security fix ) patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 5e45a22283b41aaf4f867918746ebc1d openssl-0.9.8zh-i486-1_slack13.0.txz 0ad74b36ce143d28e15dfcfcf1fcb483 openssl-solibs-0.9.8zh-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: c360d323a2bed57c62d6699b2d4be65e openssl-0.9.8zh-x86_64-1_slack13.0.txz 122240badbfbe51c842a9102d3cfe30f openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 1bf98b27573b20a7de5f6359f3eadbd7 openssl-0.9.8zh-i486-1_slack13.1.txz 2b732f1f29de1cb6078fd1ddda8eb9ec openssl-solibs-0.9.8zh-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 735c3bbc55902ec57e46370cde32ea4b openssl-0.9.8zh-x86_64-1_slack13.1.txz 483f506f3b86572e60fe4c46a67c226b openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 9af41ba336c64b92d5bbd86c17a93e94 openssl-0.9.8zh-i486-1_slack13.37.txz b83170b9c5ec56b4e2dc882b3c64b306 openssl-solibs-0.9.8zh-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: 2220ff161d0bf3635d2dea7caae6e5e7 openssl-0.9.8zh-x86_64-1_slack13.37.txz 17b3e8884f383e3327d5e4a6080634cb openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ced42bc3799f2b54aeb3b631a2864b90 openssl-1.0.1q-i486-1_slack14.0.txz 52965f98ee30e8f3d22bde6b0fe7f53b openssl-solibs-1.0.1q-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: cbf49f09bdcebc61cf7fcb2857dc3a71 openssl-1.0.1q-x86_64-1_slack14.0.txz 156911f58b71ee6369467d8fec34a59f openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 36d5f60b634788d4315ffb46ef6d4d88 openssl-1.0.1q-i486-1_slack14.1.txz fc18f566a9a2f5c6adb15d288245403a openssl-solibs-1.0.1q-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 03f1832417a79f73b35180a39ae4fb16 openssl-1.0.1q-x86_64-1_slack14.1.txz bf447792f23deb14e1fe3f008a6b78a7 openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz

Slackware -current packages: 27b2974199a970392ed2192bf4a207a9 a/openssl-solibs-1.0.2e-i586-1.txz 940a7653a6cadb44ce143d3b0e0eaa16 n/openssl-1.0.2e-i586-1.txz

Slackware x86_64 -current packages: 8636a45f49d186d505b356b9be66309b a/openssl-solibs-1.0.2e-x86_64-1.txz 87c33a76a94993864a52bfe4e5d5b2f0 n/openssl-1.0.2e-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Corrected: 2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE) 2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8) 2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25) 2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE) 2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31) CVE Name: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . Background

FreeBSD includes software from the OpenSSL Project.

II. [CVE-2015-3196]

III. [CVE-2015-3194] This affects FreeBSD 10.x only. [CVE-2015-3196]. This affects FreeBSD 10.1 only.

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

Reboot is optional but recommended.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

Reboot is optional but recommended.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 9.3]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc

gpg --verify openssl-9.3.patch.asc

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 10.2]

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch

fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc

gpg --verify openssl-10.2.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision


stable/9/ r291722 releng/9.3/ r291854 stable/10/ r291721 releng/10.1/ r291854 releng/10.2/ r291854


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. Description:

This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2012-1148)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105, CVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj Somorovsky as the original reporter of CVE-2016-2107; Yuval Yarom (University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv University), and Nadia Heninger (University of Pennsylvania) as the original reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as the original reporter of CVE-2016-0705.

See the corresponding CVE pages linked to in the References section for more information about each of the flaws listed in this advisory. Solution:

The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).

After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):

801648 - CVE-2012-1148 expat: Memory leak in poolGrow 1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service 1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import 1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp() 1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS 1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4 1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint 1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code 1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation 1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption 1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions 1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds 1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file 1332820 - CVE-2016-4483 libxml2: out-of-bounds read 1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar 1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName 1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs 1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral 1338700 - CVE-2016-4448 libxml2: Format string vulnerability 1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content 1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey 1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString 1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal 1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup 1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat 1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase 1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation 1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass 1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert 1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates 1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI 1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error

  1. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196)

Severity: Low

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)

Severity: Low

If a client receives a ServerKeyExchange for an anonymous DH ciphersuite with the value of p set to 0 then a seg fault can occur leading to a possible denial of service attack.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The fix was developed by Matt Caswell of the OpenSSL development team.

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0483",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.0.0"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "4.2.3"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.41"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2c"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "5.1.1"
      },
      {
        "model": "node.js",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.9"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.12.0"
      },
      {
        "model": "node.js",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "nodejs",
        "version": "0.10.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.10 and earlier"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.28 and earlier"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.63"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "secure global desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.71"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.6"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.14"
      },
      {
        "model": "10.2-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.19"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.22.0"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59307)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.10"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "oncommand performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "hsr6602 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66025"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.15"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.5"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.6"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.13"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5"
      },
      {
        "model": "9.3-release-p31",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "hp870 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4.0.0"
      },
      {
        "model": "systems insight manager 7.3.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-165)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.19"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "10.1-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "4500g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.6"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3394"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3"
      },
      {
        "model": "9.3-release-p22",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.4.0"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.7"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.1.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.6.0.3"
      },
      {
        "model": "openscape uc application",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "30-1x5)"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2.1"
      },
      {
        "model": "(comware r2150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "79007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37001.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "5.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "api management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "9.3-release-p10",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4"
      },
      {
        "model": "opensuse evergreen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014091001"
      },
      {
        "model": "flashsystem 9843-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.1.8"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "smb (comware r1110",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "16205)"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "10.1"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "2.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "flashsystem 9848-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50001.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.16"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.5"
      },
      {
        "model": "qradar siem patch ifix01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.44"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "10.1-release-p17",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.4"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.210"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.091"
      },
      {
        "model": "msr20 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.8"
      },
      {
        "model": "msr 50-g2 (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.10"
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "ctpview 7.3r1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "9.3-beta3-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.15"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.6.0.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.5"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090800"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "10.2-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.19"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.6"
      },
      {
        "model": "si (comware r1517",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "10.1-rc2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3"
      },
      {
        "model": "project openssl 1.0.2e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.3"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5"
      },
      {
        "model": "project openssl 1.0.1q",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10.1.38.00"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.3"
      },
      {
        "model": "openscape common management port",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "netezza platform software 7.2.0.4-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.10"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.03"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.1.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.1"
      },
      {
        "model": "(comware r7180",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75007)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.4.1.8"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "oncommand report",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.213"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.17"
      },
      {
        "model": "qlogic 8gb intelligent pass-thru module \u0026 san switch module for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.10"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.13"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "imc uam tam e0406",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.9"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.30"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4"
      },
      {
        "model": "netezza platform software 7.1.0.8-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "8.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "(comware r5319p15",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "36105)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.16"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.1"
      },
      {
        "model": "openscape voice trace manage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.28"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.7"
      },
      {
        "model": "msr2000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.13"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "vcx",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "bigfix remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.7"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51205)"
      },
      {
        "model": "openscape desk phone ip hf r0.28",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "flex system fc3171 8gb san pass-thru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.2"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.23.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.7"
      },
      {
        "model": "proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.06"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "1.0"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.8.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.2"
      },
      {
        "model": "mobile foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.0"
      },
      {
        "model": "9.3-rc",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.9"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.6"
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "9.3-beta1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2.0.8"
      },
      {
        "model": "10.2-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.7"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.17"
      },
      {
        "model": "10.1-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "6125xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.2"
      },
      {
        "model": "10.1-release",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.10"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.50"
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "59007)"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "hsr6800 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "f5000-a (comware f3210p26",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.6"
      },
      {
        "model": "9.3-release-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.8"
      },
      {
        "model": "10.1-release-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.8"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.4"
      },
      {
        "model": "10.1-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.2"
      },
      {
        "model": "si4093 image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "imc inode e0407",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize 6.4storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v3500v3700"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "netezza platform software 7.1.0.4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "9.3-rc2-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.38"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.5"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "altavault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "netezza platform software 7.2.0.4-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "10.2-rc1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.9"
      },
      {
        "model": "netezza platform software 7.2.1.1-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "smb1910 (comware r1113",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.6"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.10"
      },
      {
        "model": "hi (comware r5501p21",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "flex system en2092 1gb ethernet scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "10.1-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.4"
      },
      {
        "model": "9.3-release-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.22.0"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.7"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.10"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.12"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.0"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.0"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9xx5)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "hp850 (comware r2607p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "project openssl 1.0.2d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "imc wsm e0502p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "6127xlg r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "a6600 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r1810p03",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58005)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.2"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.1"
      },
      {
        "model": "moonshot r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.3"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.8"
      },
      {
        "model": "infinity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "11.1"
      },
      {
        "model": "9.3-beta1-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.31"
      },
      {
        "model": "9.3-release-p25",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.5"
      },
      {
        "model": "flashsystem 9848-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "flashsystem 9840-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.7"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.9"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.34"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.3"
      },
      {
        "model": "openscape sbc r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090300"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.9"
      },
      {
        "model": "10.2-beta2-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "netezza platform software 7.1.0.5-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.1"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.7"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "openscape alarm respons",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.14"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.6"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.13"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.20"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.7"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4.0650"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.7"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "4.0"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.5"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "flashsystem 9846-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.5"
      },
      {
        "model": "ei (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "55005)"
      },
      {
        "model": "5510hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3.1"
      },
      {
        "model": "g8264cs si fabric image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.16"
      },
      {
        "model": "bladesystem c-class virtual connect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.45"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.18"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.8"
      },
      {
        "model": "10.1-beta3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "freebsd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": "10.1"
      },
      {
        "model": "msr1000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.3"
      },
      {
        "model": "integration bus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10"
      },
      {
        "model": "vsr (comware e0322p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "openscape r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "4000v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5.0.3"
      },
      {
        "model": "manageability sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "flex system fabric cn4093 10gb converged scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9846-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.7"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "wx5004-ei (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "10.1-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.15"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014111002"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.19"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.13"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.1"
      },
      {
        "model": "openscape r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "4000v7"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.12"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.2"
      },
      {
        "model": "email gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.404"
      },
      {
        "model": "openscape sbc r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "9.3-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "4800g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "51307)"
      },
      {
        "model": "9.3-release-p21",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smb1920 (comware r1112",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "9.3-release-p24",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.8"
      },
      {
        "model": "1/10gb uplink ethernet switch module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.12.0"
      },
      {
        "model": "10.1-release-p19",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3.0.5"
      },
      {
        "model": "openstage desk phone ip si r3.32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.35"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.010"
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "6.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.10"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "u200s and cs (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "9.3-release-p13",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.23"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "10.1-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r2432p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "57007)"
      },
      {
        "model": "fortivoiceos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4.19"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4.0.9"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "msr4000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "hp6000 (comware r2507p44",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "(comware r1118p13",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "58305)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.4"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "3.0"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "netezza diagnostics tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.1.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.2"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.6.0.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "intelligent management center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rse ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.3"
      },
      {
        "model": "rpe ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "66005"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.6.0.3"
      },
      {
        "model": "(comware r5213p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3100v25)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.6.0.3"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.4"
      },
      {
        "model": "mq light client module for node.js 1.0.2014091000-red",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.8"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.7"
      },
      {
        "model": "9.3-rc2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "9.3-rc3-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.17"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.6.0.4"
      },
      {
        "model": "business process manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.6"
      },
      {
        "model": "vcx",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "9.8.19"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.5"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.4.0.8"
      },
      {
        "model": "smartcloud entry appliance fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.21"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.4"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "netezza platform software 7.1.0.5-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "flex system fc3171 8gb san switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.8.01.00"
      },
      {
        "model": "ctpview",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "security identity governance and intelligence",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "(comware r7377",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125007)"
      },
      {
        "model": "websphere mq for hp nonstop server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.11"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.10"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.5"
      },
      {
        "model": "security network controller 1.0.3394m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "comware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.37"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "9.3-rc1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "10.1-rc4-p1",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.12"
      },
      {
        "model": "imc plat e0403p04",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "flashsystem 9843-ae2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.3.16.00"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.3"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.4"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.0.12"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.2.0.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.211"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.1"
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.4"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.6"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70006.2"
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3.1"
      },
      {
        "model": "flex system fabric en4093r 10gb scalable switch",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.16"
      },
      {
        "model": "10.1-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "forticlient",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3.633"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.9"
      },
      {
        "model": "openscape branch r",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.8.23.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.1.3"
      },
      {
        "model": "10.2-beta2-p3",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "(comware r1517p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "v19105)"
      },
      {
        "model": "hp830 (comware r3507p51",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.11"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "505)"
      },
      {
        "model": "hsr6800 (comware r3303p28",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "puredata system for analytics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.13"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "10.2-release-p8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.41"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.5.0.3"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "si4093 image",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.13.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.17"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4.1.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.6"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.7"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.3"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "u200a and m (comware f5123p33",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "openscape desk phone ip si r3.32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.7"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "flashsystem 9840-ae1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "840"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for unix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.12"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.3.0.5"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ctpview 7.1r3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.2"
      },
      {
        "model": "hsr6602 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.9"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "ctpview 7.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1.0.7"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.6"
      },
      {
        "model": "(comware r1210p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "105005)"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.22.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.12"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.5.0.3"
      },
      {
        "model": "openscape voice r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.3"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.6.0.3"
      },
      {
        "model": "security access manager for web",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.02"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "nj5000 r1107",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hsr6600 (comware r7103p09",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.3"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.4"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "hsr6800 ru r3303p28.ru",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5"
      },
      {
        "model": "endpoint manager for remote control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "bigfix platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.8"
      },
      {
        "model": "tivoli netcool reporter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1"
      },
      {
        "model": "(comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "125005)"
      },
      {
        "model": "cognos tm1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1"
      },
      {
        "model": "qlogic virtual fabric extension module for ibm bladecenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.1"
      },
      {
        "model": "netezza platform software 7.2.0.7-p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.4"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.62"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.12"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.2"
      },
      {
        "model": "10.2-stable",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "email gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.3"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "9.3-release-p5",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "msr20-1x (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "msr3000 (comware r0306p12",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.3"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.53"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "9500e (comware r1829p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "fortidb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3"
      },
      {
        "model": "5130hi (comware r1120",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7)"
      },
      {
        "model": "5500si (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "flashsystem 9848-ac0",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "9.3-beta1-p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.25"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.2"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "san volume controller",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.6.0.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.33"
      },
      {
        "model": "openscape branch r1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "unify",
        "version": "v8"
      },
      {
        "model": "image construction and composition tool",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3.2.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud entry appliance fixpac",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35001.1"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1"
      },
      {
        "model": "security access manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.5"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.2"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.6"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "flashsystem 9846-ac1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v840"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50006.2"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "93x5)"
      },
      {
        "model": "rational clearquest",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.18"
      },
      {
        "model": "netezza platform software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.1.1"
      },
      {
        "model": "websphere mq advanced message security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "-8.0.0.0"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.11"
      },
      {
        "model": "10.1-release-p23",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.1.4"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "bundle of g8264cs image",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "10.1-release-p16",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.11"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.7"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.5"
      },
      {
        "model": "ctpview 7.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "9.3-release-p6",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "(comware r3113p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "19507)"
      },
      {
        "model": "websphere message broker",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.12"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35006.3"
      },
      {
        "model": "9.3-release-p9",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.1.0.7"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.12"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.2c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "(comware r6710p02",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "75005)"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.7"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.2.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37006.3"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.9"
      },
      {
        "model": "fortiwan",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "mq light client module for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2014090801"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "oncommand unified manager for clustered data ontap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "6.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "(comware r2111p01",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3600v25)"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.9"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "(comware r1150",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "129007)"
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "websphere mq for hp nonstop server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.3.1.10"
      },
      {
        "model": "msr (comware r2516",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "305)"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "10.1-release-p25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "1.4.2"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "0"
      },
      {
        "model": "flex system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.3.3.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "mobile foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.14"
      },
      {
        "model": "flex system chassis management module 2pet",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.4.0.6"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.1.0.7"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.5.0.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "0"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.4.8"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.10"
      },
      {
        "model": "xcode",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.0"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.3.0"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "flex system fabric si4093 system interconnect module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.1.0.6"
      },
      {
        "model": "san volume controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.3"
      },
      {
        "model": "secblade fw (comware r3181p07",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "4210g (comware r2221p22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5)"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.32"
      },
      {
        "model": "vios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.2.1.3"
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.7"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "systems insight manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "6125g/xg blade switch r2112p05",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v35007.2.0.8"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.4.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v37007.5"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.4.0.8"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.3.0.5"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.1"
      },
      {
        "model": "9.3-release-p29",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.2"
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.16.0"
      },
      {
        "model": "storwize",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70007.2.0.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "rational requisitepro",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.18"
      },
      {
        "model": "infinity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pexip",
        "version": "7.0"
      },
      {
        "model": "xcode",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "oncommand unified manager host package",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "netapp",
        "version": "0"
      },
      {
        "model": "storwize",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v50007.6.0.4"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "10.2-prerelease",
        "scope": null,
        "trust": 0.3,
        "vendor": "freebsd",
        "version": null
      },
      {
        "model": "rational clearquest",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.1.9"
      },
      {
        "model": "project openssl 1.0.1p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "virtual fabric 10gb switch module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.1",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.12.9",
                "versionStartIncluding": "0.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.10.41",
                "versionStartIncluding": "0.10.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lo\u0026amp;iuml;c Jonas Etienne(Qnective AG)",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3194",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3194",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3194",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3194",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3194",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the affected application; denying service to legitimate users. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n\na-c05157667\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05157667\nVersion: 1\n\nHPSBMU03607 rev.1 - HPE BladeSystem c-Class Virtual Connect (VC) Firmware,\nRemote Denial of Service (DoS), Disclosure of Information, Cross-Site Request\nForgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2016-06-01\nLast Updated: 2016-06-01\n\nPotential Security Impact: Remote Cross-Site Request Forgery (CSRF), Denial\nof Service (DoS), Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nMultiple potential security vulnerabilities have been identified in HPE\nBladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities\ninclude:\n\nThe SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \nThe Cross-protocol Attack on TLS using SSLv2 also known as \"DROWN\", which\ncould be exploited remotely resulting in disclosure of information. \nAdditional OpenSSL and OpenSSH vulnerabilities which could be remotely\nexploited resulting in Denial of Service (DoS), disclosure of information, or\nCross-site Request Forgery (CSRF). \n\nReferences:\n\nCVE-2016-0800\nCVE-2016-0799\nCVE-2016-2842\nCVE-2015-1789\nCVE-2015-1791\nCVE-2015-3194\nCVE-2015-0705\nCVE-2015-5600\nCVE-2014-3566\nCVE-2008-5161\nSSRT102281\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nThe following firmware versions of Virtual Connect (VC) are impacted:\n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 4.30 through VC 4.45\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware 3.62 through VC 4.21\n\nNote: Firmware versions 3.62 through 4.21 are not impacted by CVE-2016-0800,\nCVE-2015-3194, CVE-2014-3566, CVE-2015-0705, CVE-2016-0799, and\nCVE-2016-2842. \n\nThe following products run the impacted versions of Virtual Connect (VC)\nfirmware:\n\nHPE VC Flex-10 10Gb Enet Module\nHPE Virtual Connect Flex-10/10D Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric 10Gb/24-port Module for c-Class BladeSystem\nHPE Virtual Connect FlexFabric-20/40 F8 Module for c-Class BladeSystem\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2016-0800    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)        4.3\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2015-3194    (AV:N/AC:L/Au:N/C:N/I:N/A:P)        5.0\nCVE-2014-3566    (AV:N/AC:M/Au:N/C:P/I:N/A:N)        4.3\nCVE-2008-5161    (AV:N/AC:H/Au:N/C:P/I:N/A:N)        2.6\nCVE-2015-0705    (AV:N/AC:M/Au:N/C:P/I:P/A:P)        6.8\nCVE-2016-0799    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2016-2842    (AV:N/AC:L/Au:N/C:C/I:C/A:C)       10.0\nCVE-2015-5600    (AV:N/AC:L/Au:N/C:P/I:N/A:C)        8.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHPE has provided an updated version of the BladeSystem c-Class Virtual\nConnect (VC) firmware to address these vulnerabilities. \n\nHPE BladeSystem c-Class Virtual Connect (VC) Firmware v4.50\n\nThe update can be downloaded from: http://h20564.www2.hpe.com/hpsc/swd/public\n/detail?swItemId=MTX_1f352fb404f5410d9b2ca1b56d\n\nHISTORY\nVersion:1 (rev.1) - 1 June 2016 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability with any HPE supported\nproduct, send Email to: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:2617-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-2617.html\nIssue date:        2015-12-14\nCVE Names:         CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nA NULL pointer derefernce flaw was found in the way OpenSSL verified\nsignatures using the RSA PSS algorithm. A remote attacked could possibly\nuse this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server\nusing OpenSSL if it enabled client authentication. (CVE-2015-3194)\n\nA memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and\nCMS data. A remote attacker could use this flaw to cause an application\nthat parses PKCS#7 or CMS data from untrusted sources to use an excessive\namount of memory and possibly crash. (CVE-2015-3195)\n\nA race condition flaw, leading to a double free, was found in the way\nOpenSSL handled pre-shared key (PSK) identify hints. A remote attacker\ncould use this flaw to crash a multi-threaded SSL/TLS client using\nOpenSSL. (CVE-2015-3196)\n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.ppc64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.s390x.rpm\nopenssl-static-1.0.1e-42.el6_7.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-42.el6_7.1.src.rpm\n\ni386:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-devel-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.i686.rpm\nopenssl-static-1.0.1e-42.el6_7.1.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-perl-1.0.1e-42.el6_7.1.x86_64.rpm\nopenssl-static-1.0.1e-42.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\naarch64:\nopenssl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.aarch64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.aarch64.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.ppc64le.rpm\nopenssl-static-1.0.1e-51.el7_2.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.s390x.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390.rpm\nopenssl-static-1.0.1e-51.el7_2.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-51.el7_2.1.src.rpm\n\nx86_64:\nopenssl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-devel-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-libs-1.0.1e-51.el7_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-debuginfo-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-perl-1.0.1e-51.el7_2.1.x86_64.rpm\nopenssl-static-1.0.1e-51.el7_2.1.i686.rpm\nopenssl-static-1.0.1e-51.el7_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3194\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-3196\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://openssl.org/news/secadv/20151203.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFWblodXlSAg2UNWIIRAt6yAKCw1yHbcUPDEPeokS22dMKyo6YFsQCgmPe4\ndpIS/iR9oiOKMXJY5t447ME=\n=qvLr\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n  Anon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794). \n  For more information, see:\n    https://openssl.org/news/secadv_20151203.txt\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1794\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195\n    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3196\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zh-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zh-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zh-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zh-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1q-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1q-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1q-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1q-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2e-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2e-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2e-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2e-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n5e45a22283b41aaf4f867918746ebc1d  openssl-0.9.8zh-i486-1_slack13.0.txz\n0ad74b36ce143d28e15dfcfcf1fcb483  openssl-solibs-0.9.8zh-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\nc360d323a2bed57c62d6699b2d4be65e  openssl-0.9.8zh-x86_64-1_slack13.0.txz\n122240badbfbe51c842a9102d3cfe30f  openssl-solibs-0.9.8zh-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n1bf98b27573b20a7de5f6359f3eadbd7  openssl-0.9.8zh-i486-1_slack13.1.txz\n2b732f1f29de1cb6078fd1ddda8eb9ec  openssl-solibs-0.9.8zh-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n735c3bbc55902ec57e46370cde32ea4b  openssl-0.9.8zh-x86_64-1_slack13.1.txz\n483f506f3b86572e60fe4c46a67c226b  openssl-solibs-0.9.8zh-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n9af41ba336c64b92d5bbd86c17a93e94  openssl-0.9.8zh-i486-1_slack13.37.txz\nb83170b9c5ec56b4e2dc882b3c64b306  openssl-solibs-0.9.8zh-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\n2220ff161d0bf3635d2dea7caae6e5e7  openssl-0.9.8zh-x86_64-1_slack13.37.txz\n17b3e8884f383e3327d5e4a6080634cb  openssl-solibs-0.9.8zh-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nced42bc3799f2b54aeb3b631a2864b90  openssl-1.0.1q-i486-1_slack14.0.txz\n52965f98ee30e8f3d22bde6b0fe7f53b  openssl-solibs-1.0.1q-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\ncbf49f09bdcebc61cf7fcb2857dc3a71  openssl-1.0.1q-x86_64-1_slack14.0.txz\n156911f58b71ee6369467d8fec34a59f  openssl-solibs-1.0.1q-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n36d5f60b634788d4315ffb46ef6d4d88  openssl-1.0.1q-i486-1_slack14.1.txz\nfc18f566a9a2f5c6adb15d288245403a  openssl-solibs-1.0.1q-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n03f1832417a79f73b35180a39ae4fb16  openssl-1.0.1q-x86_64-1_slack14.1.txz\nbf447792f23deb14e1fe3f008a6b78a7  openssl-solibs-1.0.1q-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n27b2974199a970392ed2192bf4a207a9  a/openssl-solibs-1.0.2e-i586-1.txz\n940a7653a6cadb44ce143d3b0e0eaa16  n/openssl-1.0.2e-i586-1.txz\n\nSlackware x86_64 -current packages:\n8636a45f49d186d505b356b9be66309b  a/openssl-solibs-1.0.2e-x86_64-1.txz\n87c33a76a94993864a52bfe4e5d5b2f0  n/openssl-1.0.2e-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1q-i486-1_slack14.1.txz openssl-solibs-1.0.1q-i486-1_slack14.1.txz \n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \nCorrected:      2015-12-03 21:18:48 UTC (stable/10, 10.2-STABLE)\n                2015-12-05 09:53:58 UTC (releng/10.2, 10.2-RELEASE-p8)\n                2015-12-05 09:53:58 UTC (releng/10.1, 10.1-RELEASE-p25)\n                2015-12-03 21:24:40 UTC (stable/9, 9.3-STABLE)\n                2015-12-05 09:53:58 UTC (releng/9.3, 9.3-RELEASE-p31)\nCVE Name:       CVE-2015-3194, CVE-2015-3195, CVE-2015-3196\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e.   Background\n\nFreeBSD includes software from the OpenSSL Project. \n\nII.  [CVE-2015-3196]\n\nIII. [CVE-2015-3194]  This affects FreeBSD 10.x only. [CVE-2015-3196].  This affects FreeBSD 10.1 only. \n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\nReboot is optional but recommended. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\nReboot is optional but recommended. \n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 9.3]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-9.3.patch.asc\n# gpg --verify openssl-9.3.patch.asc\n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 10.2]\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:26/openssl-10.2.patch.asc\n# gpg --verify openssl-10.2.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/9/                                                         r291722\nreleng/9.3/                                                       r291854\nstable/10/                                                        r291721\nreleng/10.1/                                                      r291854\nreleng/10.2/                                                      r291854\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. Description:\n\nThis release of Red Hat JBoss Core Services httpd 2.4.23 serves as a\nreplacement for JBoss Core Services Apache HTTP Server 2.4.6. (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2012-1148)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-0286, CVE-2016-2108, CVE-2016-2105, CVE-2016-2106,\nCVE-2016-2107, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nand CVE-2016-2842. Upstream acknowledges Stephen Henson (OpenSSL development team)\nas the original reporter of CVE-2015-0286; Huzaifa Sidhpurwala (Red Hat),\nHanno BAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2105,\nCVE-2016-2106, CVE-2016-0797, CVE-2016-0799, and CVE-2016-2842; Juraj\nSomorovsky as the original reporter of CVE-2016-2107; Yuval Yarom\n(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv\nUniversity), and Nadia Heninger (University of Pennsylvania) as the\noriginal reporters of CVE-2016-0702; and Adam Langley (Google/BoringSSL) as\nthe original reporter of CVE-2016-0705. \n\nSee the corresponding CVE pages linked to in the References section for\nmore information about each of the flaws listed in this advisory. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Web Server installation (including all applications\nand configuration files). \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n801648 - CVE-2012-1148 expat: Memory leak in poolGrow\n1121519 - CVE-2014-3523 httpd: WinNT MPM denial of service\n1196737 - CVE-2015-0209 openssl: use-after-free on invalid EC private key import\n1202366 - CVE-2015-0286 openssl: invalid pointer use in ASN1_TYPE_cmp()\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n1243888 - CVE-2015-3185 httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4\n1288320 - CVE-2015-3194 OpenSSL: Certificate verify crash with missing PSS parameter\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1288326 - CVE-2015-3196 OpenSSL: Race condition handling PSK identify hint\n1310596 - CVE-2016-0705 OpenSSL: Double-free in DSA code\n1310599 - CVE-2016-0702 OpenSSL: Side channel attack on modular exponentiation\n1311880 - CVE-2016-0797 OpenSSL: BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption\n1312219 - CVE-2016-0799 OpenSSL: Fix memory issues in BIO_*printf functions\n1314757 - CVE-2016-2842 openssl: doapr_outch function does not verify that certain memory allocation succeeds\n1319829 - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331426 - CVE-2016-2107 openssl: Padding oracle in AES-NI CBC MAC check\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1332443 - CVE-2016-3705 libxml2: stack overflow before detecting invalid XML file\n1332820 - CVE-2016-4483 libxml2: out-of-bounds read\n1338682 - CVE-2016-1833 libxml2: Heap-based buffer overread in htmlCurrentChar\n1338686 - CVE-2016-4447 libxml2: Heap-based buffer underreads due to xmlParseName\n1338691 - CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs\n1338696 - CVE-2016-1837 libxml2: Heap use-after-free in htmlPArsePubidLiteral and htmlParseSystemiteral\n1338700 - CVE-2016-4448 libxml2: Format string vulnerability\n1338701 - CVE-2016-4449 libxml2: Inappropriate fetch of entities content\n1338702 - CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey\n1338703 - CVE-2016-1839 libxml2: Heap-based buffer overread in xmlDictAddString\n1338705 - CVE-2016-1838 libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal\n1338706 - CVE-2016-1840 libxml2: Heap-buffer-overflow in xmlFAParserPosCharGroup\n1338708 - CVE-2016-1834 libxml2: Heap-buffer-overflow in xmlStrncat\n1338711 - CVE-2016-1762 libxml2: Heap-based buffer-overread in xmlNextChar\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1341705 - CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase\n1343400 - CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1382352 - CVE-2016-6808 mod_jk: Buffer overflow when concatenating virtual host name and URI\n1387605 - CVE-2016-8612 JBCS mod_cluster: Protocol parsing logic error\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. \n\nNOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE\n0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS\nPER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS. \n\nBN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)\n==================================================================\n\nSeverity: Moderate\n\nThere is a carry propagating bug in the x86_64 Montgomery squaring procedure. No\nEC algorithms are affected. Analysis suggests that attacks against RSA and DSA\nas a result of this defect would be very difficult to perform and are not\nbelieved likely. Attacks against DH are considered just feasible (although very\ndifficult) because most of the work necessary to deduce information\nabout a private key may be performed offline. The amount of resources\nrequired for such an attack would be very significant and likely only\naccessible to a limited number of attackers. An attacker would\nadditionally need online access to an unpatched system using the target\nprivate key in a scenario with persistent DH parameters and a private\nkey that is shared between multiple clients. For example this can occur by\ndefault in OpenSSL DHE based SSL/TLS ciphersuites. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 13 2015 by Hanno\nB\u00f6ck. The fix was developed by Andy Polyakov of the OpenSSL\ndevelopment team. Since these routines are used to verify\ncertificate signature algorithms this can be used to crash any certificate\nverification operation and exploited in a DoS attack. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\n\nThis issue was reported to OpenSSL on August 27 2015 by Lo\u00efc Jonas Etienne\n(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL\ndevelopment team. This structure is used by the PKCS#7 and CMS routines so any\napplication which reads PKCS#7 or CMS data from untrusted sources is affected. \nSSL/TLS is not affected. \n\nThis issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\nOpenSSL 1.0.1 users should upgrade to 1.0.1q\nOpenSSL 1.0.0 users should upgrade to 1.0.0t\nOpenSSL 0.9.8 users should upgrade to 0.9.8zh\n\nThis issue was reported to OpenSSL on November 9 2015 by Adam Langley\n(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen\nHenson of the OpenSSL development team. \n\nRace condition handling PSK identify hint (CVE-2015-3196)\n=========================================================\n\nSeverity: Low\n\nIf PSK identity hints are received by a multi-threaded client then\nthe values are wrongly updated in the parent SSL_CTX structure. \n\nThis issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously\nlisted in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0\nand has not been previously fixed in an OpenSSL 1.0.0 release. \n\nThe fix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nAnon DH ServerKeyExchange with 0 p parameter (CVE-2015-1794)\n============================================================\n\nSeverity: Low\n\nIf a client receives a ServerKeyExchange for an anonymous DH ciphersuite with\nthe value of p set to 0 then a seg fault can occur leading to a possible denial\nof service attack. \n\nThis issue affects OpenSSL version 1.0.2. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2e\n\nThis issue was reported to OpenSSL on August 3 2015 by Guy Leaver (Cisco). The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nversions will be provided after that date. In the absence of significant\nsecurity issues being identified prior to that date, the 1.0.0t and 0.9.8zh\nreleases will be the last for those versions. Users of these versions are\nadvised to upgrade. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20151203.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3194",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "78623",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.4
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.1
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115",
        "trust": 0.8
      },
      {
        "db": "MCAFEE",
        "id": "SB10203",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3194",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137294",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134782",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134859",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134650",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136992",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "id": "VAR-201512-0483",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.391459985
  },
  "last_update_date": "2024-07-22T22:33:37.136000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HPSBMU03590",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "Add PSS parameter check. (d8541d7)",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=d8541d7e9e63bf5f343af24644046c8d96498c17"
      },
      {
        "title": "Add PSS parameter check. (c394a48)",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e"
      },
      {
        "title": "Certificate verify crash with missing PSS parameter (CVE-2015-3194)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Bug 1288320",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Red Hat: CVE-2015-3194",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3194"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Debian CVElist Bug Report Logs: Security fixes from the April 2016 CPU",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6bed8fb34e63f7953d08e5701d75ec01"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3194 "
      },
      {
        "title": "changelog",
        "trust": 0.1,
        "url": "https://github.com/halon/changelog "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 1.4,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.2,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/78623"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05157667"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.1,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1288320"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.1,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=c394a488942387246653833359a5c94b5832674e"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=d8541d7e9e63bf5f343af24644046c8d96498c17"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3194"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.3,
        "url": "https://kb.netapp.com/support/index?page=content\u0026id=9010051\u0026actp=rss"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "https://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2016/oct/msg00005.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10203"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/dec/23"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04944173"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085 "
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05157667"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023836"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1023987"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099196"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099199"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099200"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099210"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099426"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1021091"
      },
      {
        "trust": 0.3,
        "url": "https://www.pexip.com/sites/pexip/files/pexip_security_bulletin_2016-02-17.pdf"
      },
      {
        "trust": 0.3,
        "url": "https://networks.unify.com/security/advisories/obso-1512-02.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979528"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000128"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21979761"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005656"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005657"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005669"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005694"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005702"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974168"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21974459"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976148"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976419"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21977265"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978085"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978239"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21979086"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980207"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980965"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980969"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21981765"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982172"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982877"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982883"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21984021"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21985739"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21986593"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg2c1000058"
      },
      {
        "trust": 0.3,
        "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory15.asc"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983823"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982347"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2842"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.2,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2617"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/swd/public"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5600"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0800"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://openssl.org/news/secadv_20151203.txt"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3194\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3196\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:26.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-10.2.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:26/openssl-9.3.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/hpsim"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "db": "BID",
        "id": "78623"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "date": "2015-12-03T00:00:00",
        "db": "BID",
        "id": "78623"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "date": "2016-06-02T16:22:00",
        "db": "PACKETSTORM",
        "id": "137294"
      },
      {
        "date": "2015-12-14T16:39:59",
        "db": "PACKETSTORM",
        "id": "134782"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-12-16T20:20:47",
        "db": "PACKETSTORM",
        "id": "134859"
      },
      {
        "date": "2015-12-06T13:33:33",
        "db": "PACKETSTORM",
        "id": "134650"
      },
      {
        "date": "2016-05-13T16:14:35",
        "db": "PACKETSTORM",
        "id": "136992"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-03T12:12:12",
        "db": "PACKETSTORM",
        "id": "169632"
      },
      {
        "date": "2015-12-06T20:59:04.707000",
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3194"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "78623"
      },
      {
        "date": "2016-09-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      },
      {
        "date": "2023-11-07T02:25:31.567000",
        "db": "NVD",
        "id": "CVE-2015-3194"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/rsa/rsa_ameth.c Service disruption in  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006115"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "78623"
      }
    ],
    "trust": 0.3
  }
}

var-202108-2248
Vulnerability from variot

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. FortiManager , FortiAnalyzer , FortiPortal for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager and others are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for the FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2248",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortiportal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.3.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortiportal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortiportal",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.3.0"
      },
      {
        "model": "fortiportal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.5"
      },
      {
        "model": "fortiportal",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortiportal",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.5",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.6",
                "versionStartIncluding": "5.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.11",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.8",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.11",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      }
    ]
  },
  "cve": "CVE-2021-26104",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2021-26104",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-385068",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-019573",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-26104",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-26104",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-319",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-385068",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. FortiManager , FortiAnalyzer , FortiPortal for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiManager and others are products of Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for the FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-26104",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080319",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2617",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-47985",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-385068",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "id": "VAR-202108-2248",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:43:47.462000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-037",
        "trust": 0.8,
        "url": "https://www.fortiguard.com/psirt/fg-ir-21-037"
      },
      {
        "title": "Fortinet Repair measures for operating system command injection vulnerabilities in many products",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=158569"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.1
      },
      {
        "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-21-037"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/orangecertcc/security-research/security/advisories/ghsa-f73m-fvj3-m2pm"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26104"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080319"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2021-26104/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2617"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortianalyzer-fortimanager-code-execution-via-os-command-injection-36038"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-04-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "date": "2023-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "date": "2022-04-06T16:15:07.863000",
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-385068"
      },
      {
        "date": "2023-08-04T03:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      },
      {
        "date": "2022-07-28T18:00:26.863000",
        "db": "NVD",
        "id": "CVE-2021-26104"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-319"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Fortinet\u00a0 In the product \u00a0OS\u00a0 Command injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-019573"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-201708-0341
Vulnerability from variot

SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Fortinet FortiManager Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A SQL injection vulnerability exists in Fortinet FortiManager 5.0.x prior to 5.0.11 and 5.2.x prior to 5.2.2

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0341",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3616",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3616",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-81577",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2015-3616",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3616",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-581",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81577",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Fortinet FortiManager Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. A SQL injection vulnerability exists in Fortinet FortiManager 5.0.x prior to 5.0.11 and 5.2.x prior to 5.2.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3616",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "37412",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81577",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "id": "VAR-201708-0341",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.544000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-15-011",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73993"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3616"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3616"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/37412"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "date": "2017-08-11T21:29:00.447000",
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81577"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2017-09-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      },
      {
        "date": "2017-08-26T01:29:00.380000",
        "db": "NVD",
        "id": "CVE-2015-3616"
      },
      {
        "date": "2017-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007728"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-581"
      }
    ],
    "trust": 0.6
  }
}

var-202004-0815
Vulnerability from variot

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. plural Fortinet The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Fortinet, FortiOS, etc. are all products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. A resource management error vulnerability exists in several Fortinet FortiGuard products due to uncontrolled resource consumption. The following products and versions are affected: Fortinet FortiGuard FortiOS 6.2.2 and earlier; Fortinet FortiGuard FortiSwitch 3.6.11, FortiSwitch 6.0.6, FortiSwitch 6.2.2; Fortinet FortiGuard FortiAnalyzer 6.2.3 earlier; Fortinet FortiGuard FortiManager 6.2 .3 prior; Fortinet FortiGuard FortiAP-S/W2 prior to 6.2.2

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortiswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortiap-s",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortiswitch",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortiap-w2",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortiswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortiswitch",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.6.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortiap-s",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortiap-w2",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.3"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "3.6.11"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.0.6"
      },
      {
        "model": "fortiswitch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "6.2.2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiap-s:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.6",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortiswitch:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.2.2",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Denis Kolegov,Maxim Gorbunov,Anton Nikolaev,Nikita Oleksov",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-17657",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015282",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-149925",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2019-015282",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-17657",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2019-015282",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-298",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-149925",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. plural Fortinet The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Fortinet, FortiOS, etc. are all products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. A resource management error vulnerability exists in several Fortinet FortiGuard products due to uncontrolled resource consumption. The following products and versions are affected: Fortinet FortiGuard FortiOS 6.2.2 and earlier; Fortinet FortiGuard FortiSwitch 3.6.11, FortiSwitch 6.0.6, FortiSwitch 6.2.2; Fortinet FortiGuard FortiAnalyzer 6.2.3 earlier; Fortinet FortiGuard FortiManager 6.2 .3 prior; Fortinet FortiGuard FortiAP-S/W2 prior to 6.2.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17657",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0403",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-149925",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "id": "VAR-202004-0815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:27:32.379000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-19-013",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-19-013"
      },
      {
        "title": "Multiple Fortinet Product resource management error vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=110681"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-19-013"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17657"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17657"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0403/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-fortianalyzer-fortimanager-denial-of-service-via-slow-http-31506"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "date": "2020-04-07T18:15:13.510000",
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "date": "2020-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149925"
      },
      {
        "date": "2020-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      },
      {
        "date": "2020-04-08T19:18:03.237000",
        "db": "NVD",
        "id": "CVE-2019-17657"
      },
      {
        "date": "2020-04-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Fortinet Product exhaustion vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-015282"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-298"
      }
    ],
    "trust": 0.6
  }
}

var-202211-0045
Vulnerability from variot

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202211-0045",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.4",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.4",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.9",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.8",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      }
    ]
  },
  "cve": "CVE-2022-39950",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-39950",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-39950",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202211-1893",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor \"protected\" comment as described in CVE-2020-9281",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-39950",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-435747",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "id": "VAR-202211-0045",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:41:48.404000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213025"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/psirt/fg-ir-21-228"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-39950/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortimanager-fortianalyzer-cross-site-scripting-via-report-templates-39798"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "date": "2022-11-02T12:15:55.537000",
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "date": "2022-11-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-435747"
      },
      {
        "date": "2022-11-03T17:50:51.563000",
        "db": "NVD",
        "id": "CVE-2022-39950"
      },
      {
        "date": "2022-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and FortiAnalyzer Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202211-1893"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0210
Vulnerability from variot

The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. An attacker may exploit this issue to cause a denial-of-service condition. The following are vulnerable: OpenSSL 1.0.2 prior to 1.0.2b OpenSSL 1.0.1 prior to 1.0.1n OpenSSL 1.0.0 prior to 1.0.0s OpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04739301

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04739301 Version: 1

HPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2015-07-10 Last Updated: 2015-07-10

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP IceWall Products running OpenSSL. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Product Impacted Versions Impacted CVEs

HP IceWall MCRP v3.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Dfw v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Agent Option v10.0 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792

HP IceWall SSO Certd v10.0 CVE-2015-1792

HP IceWall Federation Agent v3.0 CVE-2015-1792

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP recommends applying the latest OS vendor security patches for OpenSSL to resolve the vulnerabilities for HP IceWall Products.

HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.

Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

http://www.hp.com/jp/icewall_patchaccess

Note: The HP IceWall product is only available in Japan.

HISTORY Version:1 (rev.1) - 10 July 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201506-02


                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSL: Multiple vulnerabilities Date: June 22, 2015 Bugs: #551832 ID: 201506-02


Synopsis

Multiple vulnerabilities have been found in OpenSSL that can result in either Denial of Service or information disclosure.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1o >= 0.9.8z_p7 >= 1.0.1o

Description

Multiple vulnerabilities have been found in OpenSSL. Please review the CVE identifiers referenced below for details.

Resolution

All OpenSSL 1.0.1 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1o"

All OpenSSL 0.9.8 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.8z_p7"

References

[ 1 ] CVE-2014-8176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176 [ 2 ] CVE-2015-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788 [ 3 ] CVE-2015-1789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789 [ 4 ] CVE-2015-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790 [ 5 ] CVE-2015-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791 [ 6 ] CVE-2015-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792 [ 7 ] CVE-2015-4000 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201506-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

. ============================================================================ Ubuntu Security Notice USN-2639-1 June 11, 2015

openssl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)

Joseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed ECParameters structures. (CVE-2015-1788)

Robert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled certain ASN1_TIME strings. (CVE-2015-1791)

Johannes Bauer discovered that OpenSSL incorrectly handled verifying signedData messages using the CMS code. (CVE-2015-1792)

As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04: libssl1.0.0 1.0.1f-1ubuntu11.4

Ubuntu 14.10: libssl1.0.0 1.0.1f-1ubuntu9.8

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.15

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.31

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2639-1 CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8 https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

============================================================================= FreeBSD-SA-15:10.openssl Security Advisory The FreeBSD Project

Topic: Multiple OpenSSL vulnerabilities

Category: contrib Module: openssl Announced: 2015-06-12 Affects: All supported versions of FreeBSD. Corrected: 2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE) 2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12) 2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE) 2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16) 2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE) 2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30) CVE Name: CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 CVE-2015-1792, CVE-2015-4000

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I. Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

II. [CVE-2015-1791]

The OpenSSL advisory also describes a problem that is identified as CVE-2014-8176, which is already fixed by an earlier FreeBSD Errata Notice, FreeBSD-EN-15:02.openssl.

III. [CVE-2015-4000]. [CVE-2015-1788]. This affects FreeBSD 10.1 only, as the problem was no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]

An attacker may be able to crash multi-thread applications that supports resumed TLS handshakes. [CVE-2015-1791]

IV. Workaround

No workaround is available.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

freebsd-update fetch

freebsd-update install

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 10.1]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc

gpg --verify openssl-10.1.patch.asc

[FreeBSD 9.3 and 8.4]

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch

fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc

gpg --verify openssl-8.4.patch.asc

b) Apply the patch. Execute the following commands as root:

cd /usr/src

patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as described in .

Restart all deamons using the library, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path Revision


stable/8/ r284286 releng/8.4/ r284295 stable/9/ r284286 releng/9.3/ r284295 stable/10/ r284285 releng/10.1/ r284295


To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.4 (FreeBSD)

iQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8 BQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf pbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL JKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh vBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d eRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV HXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9 sLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R PrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I MMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ TyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe vVCM4Nyx4S9WDFOi76ug =dyhg -----END PGP SIGNATURE----- .

Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz: Upgraded. Fixes several bugs and security issues: o Malformed ECParameters causes infinite loop (CVE-2015-1788) o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789) o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790) o CMS verify infinite loop with unknown hash function (CVE-2015-1792) o Race condition handling NewSessionTicket (CVE-2015-1791) For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791 ( Security fix ) patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz: Upgraded. +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz

MD5 signatures: +-------------+

Slackware 13.0 packages: 383ecfed6bfef1440a44d7082745848a openssl-0.9.8zg-i486-1_slack13.0.txz fb186187ffa200e22d9450a9d0e321f6 openssl-solibs-0.9.8zg-i486-1_slack13.0.txz

Slackware x86_64 13.0 packages: eb52318ed52fef726402f0b2a74745c5 openssl-0.9.8zg-x86_64-1_slack13.0.txz 9447927b960a01b21149e28a9783021f openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz

Slackware 13.1 packages: 37f46f6b4fe2acbe217eaf7c0b33b704 openssl-0.9.8zg-i486-1_slack13.1.txz 986de2e71676f61d788a59a1e0c8de1f openssl-solibs-0.9.8zg-i486-1_slack13.1.txz

Slackware x86_64 13.1 packages: 6b160ce817dcde3ae5b3a861b284387b openssl-0.9.8zg-x86_64-1_slack13.1.txz 503d891680c711162386ea7e3daadca8 openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz

Slackware 13.37 packages: 5e7501b1d73d01d3d87704c3cfd3a888 openssl-0.9.8zg-i486-1_slack13.37.txz 874f0b59870dd3f259640c9930a02f99 openssl-solibs-0.9.8zg-i486-1_slack13.37.txz

Slackware x86_64 13.37 packages: b6d91614458040d461dff3c3eab45206 openssl-0.9.8zg-x86_64-1_slack13.37.txz be106df5e59c2be7fa442df8ba85ad0b openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz

Slackware 14.0 packages: ee7c3937e6a6d7ac7537f751af7da7b9 openssl-1.0.1n-i486-1_slack14.0.txz 758662437d33f99ec0a686cedeb1919e openssl-solibs-1.0.1n-i486-1_slack14.0.txz

Slackware x86_64 14.0 packages: 2dfdc4729e93cf460018e9e30a6223dc openssl-1.0.1n-x86_64-1_slack14.0.txz 9cb4b34e97e60f6bfe4c843aabeae954 openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz

Slackware 14.1 packages: 5a9bf08d55615cfc097109c2e3786f7b openssl-1.0.1n-i486-1_slack14.1.txz fb1c05468e5c38d51a8ff6ac435e3a20 openssl-solibs-1.0.1n-i486-1_slack14.1.txz

Slackware x86_64 14.1 packages: 1ef5cede3f954c3e4741012ffa76b750 openssl-1.0.1n-x86_64-1_slack14.1.txz ea22c288c60ae1d7ea8c5b3a1608462b openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz

Slackware -current packages: 56db8712d653c060f910e8915a8f8656 a/openssl-solibs-1.0.1n-i586-1.txz 6d6264c9943e27240db5c8f5ec342e27 n/openssl-1.0.1n-i586-1.txz

Slackware x86_64 -current packages: e73f7aff5aa0ad14bc06428544f99ae2 a/openssl-solibs-1.0.1n-x86_64-1.txz 91b550b9eb0ac0c580e158375a93c0e4 n/openssl-1.0.1n-x86_64-1.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n

Fixes for this issue were developed by Emilia Käsper and Kurt Roeckx of the OpenSSL development team.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

CMS verify infinite loop with unknown hash function (CVE-2015-1792)

Severity: Moderate

When verifying a signedData message the CMS code can enter an infinite loop if presented with an unknown hash function OID.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling NewSessionTicket (CVE-2015-1791)

Severity: Low

If a NewSessionTicket is received by a multi-threaded client when attempting to reuse a previous ticket then a race condition can occur potentially leading to a double free of the ticket data.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was discovered by Emilia Käsper of the OpenSSL development team. The fix was developed by Matt Caswell of the OpenSSL development team.

Invalid free in DTLS (CVE-2014-8176)

Severity: Moderate

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0210",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "hs series all versions"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.9.5"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.01"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator probe option ver3.1.0.x to  ver4.1.0.x"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.0"
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.02"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "foundation v8.2 to  v8.5"
      },
      {
        "model": "webotx sip application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1 to  v8.1"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c cmm"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise v8.2 to  v9.2"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator agent ver3.3 to  ver4.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v4.2 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "express v8.2 to  v9.2"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.54"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v7.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "ix2000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.2"
      },
      {
        "model": "univerge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "3c ucm"
      },
      {
        "model": "supply chain products suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle transportation management 6.1"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v7.1"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v7.1 to  v8.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  sg3600lm/lg/lj v6.1"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "systemmanager ver5.5.2 to  ver6.2.1"
      },
      {
        "model": "peoplesoft products",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  peoplesoft enterprise peopletools 8.53"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.0"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  intersecvm/sg v1.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v4.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard v8.2 to  v9.2"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "jobcenter r14.1"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7500/nv5500/nv3500 series"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx enterprise service bus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v6.4 to  v9.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v4.1 to  v6.5"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "istorage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "nv7400/nv5400/nv3400 series"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "application navigator manager ver3.2.2 to  ver4.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2b"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.2 to  v9.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1n"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v4.2 to  v6.5"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v4.0"
      },
      {
        "model": "websam",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "mcoperations ver3.6.2 to  ver4.2"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v7.1 to  v8.1"
      },
      {
        "model": "ix3000 series",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "secureware/pki application development kit",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver3.1"
      },
      {
        "model": "fusion middleware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle exalogic infrastructure eecs 2.0.6.2.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "uddi registry v1.1 to  v7.1"
      },
      {
        "model": "express5800",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "/sg series  univerge sg3000lg/lj"
      },
      {
        "model": "capssuite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v3.0 to  v4.0 manager component"
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.4"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.28"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.5"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "abyp-4tl-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "netscaler t1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.20"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "command center appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.2"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "netscaler gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.6"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-2t-1s-1l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.3"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.1"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "netscaler application delivery controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "abyp-2t-1s-1l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "abyp-2t-2s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.11.0"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-0t-4s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-4ts-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "abyp-10g-4lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "abyp-10g-4lr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.214"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "abyp-0t-0s-4l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "abyp-4t-0s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "icewall federation agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "project openssl 0.9.8g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system networking rackswitch g8124-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "abyp-0t-2s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "abyp-0t-2s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "abyp-2t-0s-2l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "abyp-10g-4sr-1-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system networking rackswitch g8264t",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.21.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.5.0"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "abyp-10g-4sr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3.66"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "abyp-0t-4s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "rational software architect for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "system networking rackswitch g8264cs",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.12.0"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "cloudbridge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "abyp-0t-0s-4l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "system networking rackswitch g8052",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8316",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.15.0"
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "abyp-2t-2s-0l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "abyp-4tl-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "abyp-4ts-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "worklight consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "abyp-10g-2sr-2lr-1-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "cognos insight standard edition fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.24"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "abyp-4t-0s-0l-p",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.2"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "buildforge ifix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2.37"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.2"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "worklight foundation consumer edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "worklight enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "system networking rackswitch g8124",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.11.4.0"
      },
      {
        "model": "cognos insight standard edition fp if",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.124"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "worklight foundation enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.2.0.1"
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system networking rackswitch g8332",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.7.20.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.3"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "buildforge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "cognos insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "netscaler service delivery appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "0"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "mobilefirst platform foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "abyp-2t-0s-2l-p-m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "system networking rackswitch g8264",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.14.0"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "icewall sso certd",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security identity manager virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Johannes Bauer",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-1792",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-1792",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1792",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1792",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function. OpenSSL is prone to denial-of-service vulnerability. \nAn attacker may exploit this issue to cause a denial-of-service condition. \nThe following are vulnerable:\nOpenSSL 1.0.2 prior to 1.0.2b\nOpenSSL 1.0.1 prior to 1.0.1n\nOpenSSL 1.0.0 prior to 1.0.0s\nOpenSSL 0.9.8 prior to 0.9.8zg. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04739301\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04739301\nVersion: 1\n\nHPSBGN03371 rev.1 - HP IceWall Products running OpenSSL, Remote Denial of\nService (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-07-10\nLast Updated: 2015-07-10\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP IceWall\nProducts running OpenSSL. The vulnerabilities could be exploited remotely\nresulting in Denial of Service (DoS). \nProduct\n Impacted Versions\n Impacted CVEs\n\nHP IceWall MCRP\n v3.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Dfw\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Agent Option\n v10.0\n CVE-2015-1789\nCVE-2015-1790\nCVE-2015-1792\n\nHP IceWall SSO Certd\n v10.0\n CVE-2015-1792\n\nHP IceWall Federation Agent\n v3.0\n CVE-2015-1792\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends applying the latest OS vendor security patches for OpenSSL to\nresolve the vulnerabilities for HP IceWall Products. \n\n  HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please apply the\nlatest OS vendor security patches for OpenSSL and switch to the OpenSSL\nlibrary bundled with the OS. \n\n  Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n    http://www.hp.com/jp/icewall_patchaccess\n\n  Note: The HP IceWall product is only available in Japan. \n\nHISTORY\nVersion:1 (rev.1) - 10 July 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201506-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: June 22, 2015\n     Bugs: #551832\n       ID: 201506-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL that can result in\neither Denial of Service or information disclosure. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl             \u003c 1.0.1o               \u003e= 0.9.8z_p7\n                                                            \u003e= 1.0.1o\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in OpenSSL. Please review the\nCVE identifiers referenced below for details. \n\nResolution\n==========\n\nAll OpenSSL 1.0.1 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-1.0.1o\"\n\nAll OpenSSL 0.9.8 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/openssl-0.9.8z_p7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-8176\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8176\n[ 2 ] CVE-2015-1788\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1788\n[ 3 ] CVE-2015-1789\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1789\n[ 4 ] CVE-2015-1790\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1790\n[ 5 ] CVE-2015-1791\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1791\n[ 6 ] CVE-2015-1792\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1792\n[ 7 ] CVE-2015-4000\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4000\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201506-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. ============================================================================\nUbuntu Security Notice USN-2639-1\nJune 11, 2015\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nPraveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that\nOpenSSL incorrectly handled memory when buffering DTLS data. (CVE-2014-8176)\n\nJoseph Barr-Pixton discovered that OpenSSL incorrectly handled malformed\nECParameters structures. (CVE-2015-1788)\n\nRobert Swiecki and Hanno B=C3=B6ck discovered that OpenSSL incorrectly handled\ncertain ASN1_TIME strings. \n(CVE-2015-1791)\n\nJohannes Bauer discovered that OpenSSL incorrectly handled verifying\nsignedData messages using the CMS code. \n(CVE-2015-1792)\n\nAs a security improvement, this update also modifies OpenSSL behaviour to\nreject DH key sizes below 768 bits, preventing a possible downgrade\nattack. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n  libssl1.0.0                     1.0.1f-1ubuntu11.4\n\nUbuntu 14.10:\n  libssl1.0.0                     1.0.1f-1ubuntu9.8\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.15\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.31\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2639-1\n  CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790,\n  CVE-2015-1791, CVE-2015-1792\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n=============================================================================\nFreeBSD-SA-15:10.openssl                                    Security Advisory\n                                                          The FreeBSD Project\n\nTopic:          Multiple OpenSSL vulnerabilities\n\nCategory:       contrib\nModule:         openssl\nAnnounced:      2015-06-12\nAffects:        All supported versions of FreeBSD. \nCorrected:      2015-06-11 19:07:45 UTC (stable/10, 10.1-STABLE)\n                2015-06-12 07:23:55 UTC (releng/10.1, 10.1-RELEASE-p12)\n                2015-06-11 19:39:27 UTC (stable/9, 9.3-STABLE)\n                2015-06-12 07:23:55 UTC (releng/9.3, 9.3-RELEASE-p16)\n                2015-06-11 19:39:27 UTC (stable/8, 8.4-STABLE)\n                2015-06-12 07:23:55 UTC (releng/8.4, 8.4-RELEASE-p30)\nCVE Name:       CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791\n                CVE-2015-1792, CVE-2015-4000\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:https://security.FreeBSD.org/\u003e. \n\nI.   Background\n\nFreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. [CVE-2015-1791]\n\nThe OpenSSL advisory also describes a problem that is identified as\nCVE-2014-8176, which is already fixed by an earlier FreeBSD Errata\nNotice, FreeBSD-EN-15:02.openssl. \n\nIII. [CVE-2015-4000]. \n[CVE-2015-1788].  This affects FreeBSD 10.1 only, as the problem\nwas no longer exist in OpenSSL 0.9.8 series since July 2012. [CVE-2015-1790]. [CVE-2015-1792]\n\nAn attacker may be able to crash multi-thread applications that\nsupports resumed TLS handshakes. [CVE-2015-1791]\n\nIV.  Workaround\n\nNo workaround is available. \n\nV.   Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\nrelease / security branch (releng) dated after the correction date. \n\n2) To update your vulnerable system via a binary patch:\n\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\nplatforms can be updated via the freebsd-update(8) utility:\n\n# freebsd-update fetch\n# freebsd-update install\n\n3) To update your vulnerable system via a source code patch:\n\nThe following patches have been verified to apply to the applicable\nFreeBSD release branches. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 10.1]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-10.1.patch.asc\n# gpg --verify openssl-10.1.patch.asc\n\n[FreeBSD 9.3 and 8.4]\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch\n# fetch https://security.FreeBSD.org/patches/SA-15:10/openssl-8.4.patch.asc\n# gpg --verify openssl-8.4.patch.asc\n\nb) Apply the patch.  Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n\nc) Recompile the operating system using buildworld and installworld as\ndescribed in \u003cURL:https://www.FreeBSD.org/handbook/makeworld.html\u003e. \n\nRestart all deamons using the library, or reboot the system. \n\nVI.  Correction details\n\nThe following list contains the correction revision numbers for each\naffected branch. \n\nBranch/path                                                      Revision\n- -------------------------------------------------------------------------\nstable/8/                                                         r284286\nreleng/8.4/                                                       r284295\nstable/9/                                                         r284286\nreleng/9.3/                                                       r284295\nstable/10/                                                        r284285\nreleng/10.1/                                                      r284295\n- -------------------------------------------------------------------------\n\nTo see which files were modified by a particular revision, run the\nfollowing command, replacing NNNNNN with the revision number, on a\nmachine with Subversion installed:\n\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\n\nOr visit the following URL, replacing NNNNNN with the revision number:\n\n\u003cURL:https://svnweb.freebsd.org/base?view=revision\u0026revision=NNNNNN\u003e\n\nVII. References\n\n\u003cURL:https://www.openssl.org/news/secadv_20150611.txt\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\u003e \n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\u003e\n\n\u003cURL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000\u003e\n\nThe latest revision of this advisory is available at\n\u003cURL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:10.openssl.asc\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.1.4 (FreeBSD)\n\niQIcBAEBCgAGBQJVeopGAAoJEO1n7NZdz2rnzhQP/Ak6el188Y+7QbEYVfCZ7eG8\nBQLj5TMGHV5swSKVlPcEuBlMwTjpgB5Gqhc8luDS0eIAuJGdcMPSrZDdXxWQFtPf\npbfIwp/ElFc7d6ut0Y8t6fFLJbhTOoHJpzTGkFRfJkjinGOx7OZQPeLJsxSubbnL\nJKugZ3diH6yk6IPMf9SvhO/kYXUF1VbXQvHNTnqgdhFVkgF6tK22Pkl2XoJ9EHbh\nvBXft1yJwiYlZ//DxZuScTUj1pHYzK3bOpg//REJMWCMj1RVwQr2EyDa0Q2cT02d\neRnSZykXD69eybyzEck+BvwnUYYJICimnHuE5t78UIr0D/NWyOAZTQ99z5TID5aV\nHXkcil+1E/Q+xBB4+5UOOnESf6cmiWwewQOVvD26ZY39E6oJXvsrWnyxIuCG6DL9\nsLtxB6iTYlTX5Civ/VJX8H7rFiw4UwMembthvGzck22026iHjplWM3GCWz0E8O3R\nPrXBHjAzNFawK3owNMxFSUFTuFw/qY7EEwJ3SKCEC+hoxcLOl26NMxrQKRIAUk+I\nMMOaZfvOh2uM19y9SJZz8+sqU8gIm7ihDm5fuSkO8kY0jdvLwyS9bXAejN/lZ6oJ\nTyfTDDyXDOdaPpnpQehh6vQV0NiaJ+WXfGhfiE8/G/t6b1E0LlCaaGJTpYkildGe\nvVCM4Nyx4S9WDFOi76ug\n=dyhg\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n  Fixes several bugs and security issues:\n   o Malformed ECParameters causes infinite loop (CVE-2015-1788)\n   o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n   o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n   o CMS verify infinite loop with unknown hash function (CVE-2015-1792)\n   o Race condition handling NewSessionTicket (CVE-2015-1791)\n  For more information, see:\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792\n    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791\n  (* Security fix *)\npatches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz:  Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8zg-i486-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nUpdated packages for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-0.9.8zg-i486-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nUpdated packages for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nUpdated packages for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-0.9.8zg-i486-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nUpdated packages for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-0.9.8zg-x86_64-1_slack13.37.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1n-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1n-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1n-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1n-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.1n-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.1n-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.1n-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.1n-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 packages:\n383ecfed6bfef1440a44d7082745848a  openssl-0.9.8zg-i486-1_slack13.0.txz\nfb186187ffa200e22d9450a9d0e321f6  openssl-solibs-0.9.8zg-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\neb52318ed52fef726402f0b2a74745c5  openssl-0.9.8zg-x86_64-1_slack13.0.txz\n9447927b960a01b21149e28a9783021f  openssl-solibs-0.9.8zg-x86_64-1_slack13.0.txz\n\nSlackware 13.1 packages:\n37f46f6b4fe2acbe217eaf7c0b33b704  openssl-0.9.8zg-i486-1_slack13.1.txz\n986de2e71676f61d788a59a1e0c8de1f  openssl-solibs-0.9.8zg-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 packages:\n6b160ce817dcde3ae5b3a861b284387b  openssl-0.9.8zg-x86_64-1_slack13.1.txz\n503d891680c711162386ea7e3daadca8  openssl-solibs-0.9.8zg-x86_64-1_slack13.1.txz\n\nSlackware 13.37 packages:\n5e7501b1d73d01d3d87704c3cfd3a888  openssl-0.9.8zg-i486-1_slack13.37.txz\n874f0b59870dd3f259640c9930a02f99  openssl-solibs-0.9.8zg-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 packages:\nb6d91614458040d461dff3c3eab45206  openssl-0.9.8zg-x86_64-1_slack13.37.txz\nbe106df5e59c2be7fa442df8ba85ad0b  openssl-solibs-0.9.8zg-x86_64-1_slack13.37.txz\n\nSlackware 14.0 packages:\nee7c3937e6a6d7ac7537f751af7da7b9  openssl-1.0.1n-i486-1_slack14.0.txz\n758662437d33f99ec0a686cedeb1919e  openssl-solibs-1.0.1n-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n2dfdc4729e93cf460018e9e30a6223dc  openssl-1.0.1n-x86_64-1_slack14.0.txz\n9cb4b34e97e60f6bfe4c843aabeae954  openssl-solibs-1.0.1n-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n5a9bf08d55615cfc097109c2e3786f7b  openssl-1.0.1n-i486-1_slack14.1.txz\nfb1c05468e5c38d51a8ff6ac435e3a20  openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\n1ef5cede3f954c3e4741012ffa76b750  openssl-1.0.1n-x86_64-1_slack14.1.txz\nea22c288c60ae1d7ea8c5b3a1608462b  openssl-solibs-1.0.1n-x86_64-1_slack14.1.txz\n\nSlackware -current packages:\n56db8712d653c060f910e8915a8f8656  a/openssl-solibs-1.0.1n-i586-1.txz\n6d6264c9943e27240db5c8f5ec342e27  n/openssl-1.0.1n-i586-1.txz\n\nSlackware x86_64 -current packages:\ne73f7aff5aa0ad14bc06428544f99ae2  a/openssl-solibs-1.0.1n-x86_64-1.txz\n91b550b9eb0ac0c580e158375a93c0e4  n/openssl-1.0.1n-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.1n-i486-1_slack14.1.txz openssl-solibs-1.0.1n-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\n\nFixes for this issue were developed by Emilia K\u00e4sper and Kurt Roeckx\nof the OpenSSL development team. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nCMS verify infinite loop with unknown hash function (CVE-2015-1792)\n===================================================================\n\nSeverity: Moderate\n\nWhen verifying a signedData message the CMS code can enter an infinite loop\nif presented with an unknown hash function OID. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nRace condition handling NewSessionTicket (CVE-2015-1791)\n========================================================\n\nSeverity: Low\n\nIf a NewSessionTicket is received by a multi-threaded client when attempting to\nreuse a previous ticket then a race condition can occur potentially leading to\na double free of the ticket data. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was discovered by Emilia K\u00e4sper of the OpenSSL development team. The\nfix was developed by Matt Caswell of the OpenSSL development team. \n\nInvalid free in DTLS (CVE-2014-8176)\n====================================\n\nSeverity: Moderate\n\nThis vulnerability does not affect current versions of OpenSSL. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1792",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "75154",
        "trust": 1.4
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 1.4
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.1
      },
      {
        "db": "JVN",
        "id": "JVNVU91445763",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1792",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132637",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132398",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132260",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132288",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132285",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "id": "VAR-201506-0210",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-07-23T20:20:15.383000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "title": "Canonicalise input in CMS_verify.",
        "trust": 0.8,
        "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
      },
      {
        "title": "HPSBUX03388",
        "trust": 0.8,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=143880121627664\u0026amp;w=2"
      },
      {
        "title": "HPSBMU03546",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05045763"
      },
      {
        "title": "\u30a2\u30e9\u30a4\u30c9\u30c6\u30ec\u30b7\u30b9\u682a\u5f0f\u4f1a\u793e\u304b\u3089\u306e\u60c5\u5831",
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/522154/index.html"
      },
      {
        "title": "NV15-010",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-010.html"
      },
      {
        "title": "OpenSSL vulnerabilities",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/vulnerabilities.html"
      },
      {
        "title": "Tarballs",
        "trust": 0.8,
        "url": "https://www.openssl.org/source/"
      },
      {
        "title": "[11 Jun 2015] DHE man-in-the-middle protection (Logjam)",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "October 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "JSA10694",
        "trust": 0.8,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "title": "TLSA-2015-14",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-14j.html"
      },
      {
        "title": "cisco-sa-20150612-openssl",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/jp/112/1129/1129443_cisco-sa-20150612-openssl-j.html"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1792",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1792"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Citrix Security Bulletins: Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=eb059834b7f24e2562bcf592b6d0afbc"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1792 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.5,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 1.4,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.4,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.4,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 1.4,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.4,
        "url": "https://support.citrix.com/article/ctx216642"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/75154"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.1,
        "url": "https://github.com/openssl/openssl/commit/cd30f03ac5bf2962f44bd02ae8d88245dff2f12c"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.1,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.1,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.1,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.1,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.1,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.1,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu91445763/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1792"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5098801"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962726"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963532"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961179"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/399.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=43094"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4000"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.8"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.15"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu11.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.31"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/news/secadv_20150611.txt\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://svnweb.freebsd.org/base?view=revision\u0026revision=nnnnnn\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4000\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/advisories/freebsd-sa-15:10.openssl.asc\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-10.1.patch.asc"
      },
      {
        "trust": 0.1,
        "url": "https://security.freebsd.org/patches/sa-15:10/openssl-8.4.patch"
      },
      {
        "trust": 0.1,
        "url": "https://www.freebsd.org/handbook/makeworld.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1792\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "db": "BID",
        "id": "75154"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75154"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "date": "2015-07-10T15:43:15",
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "date": "2015-06-22T14:14:00",
        "db": "PACKETSTORM",
        "id": "132398"
      },
      {
        "date": "2015-06-11T23:39:03",
        "db": "PACKETSTORM",
        "id": "132260"
      },
      {
        "date": "2015-06-12T13:25:28",
        "db": "PACKETSTORM",
        "id": "132288"
      },
      {
        "date": "2015-06-12T13:17:58",
        "db": "PACKETSTORM",
        "id": "132285"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-12T19:59:05.273000",
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1792"
      },
      {
        "date": "2017-05-02T04:06:00",
        "db": "BID",
        "id": "75154"
      },
      {
        "date": "2017-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      },
      {
        "date": "2023-02-13T00:46:54.330000",
        "db": "NVD",
        "id": "CVE-2015-1792"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/cms/cms_smime.c of  do_free_upto Service disruption in functions  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003084"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Failure to Handle Exceptional Conditions",
    "sources": [
      {
        "db": "BID",
        "id": "75154"
      }
    ],
    "trust": 0.3
  }
}

var-201511-0090
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. Fortinet FortiManager is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. FortiManager 5.2.3 and prior versions are vulnerable. [+] Credits: hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTIMANAGER-XSS-0924.txt

Vendor:

www.fortinet.com

Product:

FortiManager v5.2.2

FortiManager is a centralized security management appliance that allows you to centrally manage any number of Fortinet Network Security devices. 2 potential XSS vectors were identified:

  • XSS vulnerability in SOMVpnSSLPortalDialog. 2 potential XSS vectors were identified:

  • XSS vulnerability in sharedjobmanager.

Affected Products

XSS items 1-2: FortiManager v5.2.2 or earlier. XSS items 3-4: FortiManager v5.2.3 or earlier.

Solutions:

No workarounds are currently available. Update to FortiManager v5.2.4.

Exploit code(s):

1- Persistent: https://localhost/cgi-bin/module/sharedobjmanager/firewall/SOMServiceObjDialog?devGrpId=18446744073709551615&deviceId=18446744073709551615&vdom=&adomId=3&vdomID=0&adomType=ems&cate=167&prodId=0&key=ALL&catetype=167&cate=167&permit_w=1&roid=189&startIndex=0&results=50


var-201806-0785
Vulnerability from variot

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. Fortinet FortiManager and FortiAnalyzer Contains an access control vulnerability.Information may be tampered with. Fortinet FortiAnalyzer and FortiManager are prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. The following products and versions are vulnerable: FortiAnalyzer 6.0.0 and prior FortiManager 6.0.0 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. An access control error vulnerability exists in Fortinet FortiManager 6.0.0 and earlier and FortiAnalyzer 6.0.0 and earlier

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0785",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.6.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Donato Onofri",
    "sources": [
      {
        "db": "BID",
        "id": "104537"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1354",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-1354",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-123609",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-1354",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1354",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-1347",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123609",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. Fortinet FortiManager and FortiAnalyzer Contains an access control vulnerability.Information may be tampered with. Fortinet FortiAnalyzer and FortiManager are prone to an access-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nThe following products and versions are vulnerable:\nFortiAnalyzer 6.0.0 and prior\nFortiManager 6.0.0 and prior. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. An access control error vulnerability exists in Fortinet FortiManager 6.0.0 and earlier and FortiAnalyzer 6.0.0 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "BID",
        "id": "104537"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1354",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "104537",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1041182",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1041183",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-123609",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "db": "BID",
        "id": "104537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "id": "VAR-201806-0785",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:43.692000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-014",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-014"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81606"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/104537"
      },
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-014"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1041182"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1041183"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1354"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1354"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-014"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "db": "BID",
        "id": "104537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "db": "BID",
        "id": "104537"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104537"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "date": "2018-06-27T20:29:03.620000",
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "date": "2018-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123609"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104537"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-1354"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007120"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1347"
      }
    ],
    "trust": 0.6
  }
}

var-202111-0284
Vulnerability from variot

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. FortiManager There is a vulnerability related to information leakage.Information may be obtained

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202111-0284",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.0"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.11"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.11",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.11",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.8",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.1",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      }
    ]
  },
  "cve": "CVE-2021-36192",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 2.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-36192",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-398102",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.0,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.0,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.8,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-36192",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-36192",
            "trust": 1.8,
            "value": "LOW"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2021-36192",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202111-376",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-398102",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. FortiManager There is a vulnerability related to information leakage.Information may be obtained",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-36192",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-398102",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "id": "VAR-202111-0284",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:22:41.240000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-21-103",
        "trust": 0.8,
        "url": "https://fortiguard.com/advisory/fg-ir-21-103"
      },
      {
        "title": "Fortinet FortiManager Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=168898"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      },
      {
        "problemtype": "information leak (CWE-200) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-668",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-21-103"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36192"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortinet-fortimanager-information-disclosure-via-adoms-script-36816"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "date": "2022-10-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "date": "2021-11-03T11:15:08.203000",
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-398102"
      },
      {
        "date": "2022-10-20T09:06:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      },
      {
        "date": "2022-05-03T16:04:40.443000",
        "db": "NVD",
        "id": "CVE-2021-36192"
      },
      {
        "date": "2022-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerability regarding information leakage in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-014588"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202111-376"
      }
    ],
    "trust": 0.6
  }
}

var-201806-0784
Vulnerability from variot

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. Fortinet FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. FortiManager 6.0.0 and prior are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. The vulnerability stems from the fact that the program does not filter the input submitted by the user

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0784",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.80"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "6.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sven Wandersleb",
    "sources": [
      {
        "db": "BID",
        "id": "104533"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1351",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-1351",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-123576",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-1351",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1351",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201806-1394",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123576",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. Fortinet FortiManager Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Fortinet FortiManager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nFortiManager 6.0.0 and prior are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. The vulnerability stems from the fact that the program does not filter the input submitted by the user",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "BID",
        "id": "104533"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1351",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "104533",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1041181",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-123576",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "db": "BID",
        "id": "104533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "id": "VAR-201806-0784",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:05:26.716000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FG-IR-18-006",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-18-006"
      },
      {
        "title": "Fortinet FortiManager Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81638"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://fortiguard.com/advisory/fg-ir-18-006"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/104533"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1041181"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1351"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1351"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      },
      {
        "trust": 0.3,
        "url": "https://fortiguard.com/psirt/fg-ir-18-006"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "db": "BID",
        "id": "104533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "db": "BID",
        "id": "104533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-06-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104533"
      },
      {
        "date": "2018-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "date": "2018-06-28T15:29:00.307000",
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123576"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "BID",
        "id": "104533"
      },
      {
        "date": "2018-08-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      },
      {
        "date": "2020-01-22T16:15:11.543000",
        "db": "NVD",
        "id": "CVE-2018-1351"
      },
      {
        "date": "2018-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-006803"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201806-1394"
      }
    ],
    "trust": 0.6
  }
}

var-201610-0305
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. FortiAnalyzer and FortiManager are prone to a HTML-injection vulnerability. Successful exploits will result in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible. The following products are vulnerable: FortiManager 5.0.0 through 5.0.11 and 5.2.0 through 5.2.2 are vulnerable. FortiAnalyzer 5.0.0 through 5.0.12 and 5.2.0 through 5.2.2 are vulnerable. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager and Fortinet FortiAnalyzer. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Fortinet FortiManager versions 5.0.0 to 5.0.11, versions 5.2.0 to 5.2.2; Fortinet FortiAnalyzer versions 5.0.0 to 5.0.12, versions 5.2.0 to 5.2.2

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0305",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "( with hard disk )"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortianalyzer",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortimanager:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ismail Saygili",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2015-7363",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-7363",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-85324",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-7363",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-7363",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-117",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-85324",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. FortiAnalyzer and FortiManager are prone to a HTML-injection vulnerability. \nSuccessful exploits will result in the execution of arbitrary  attacker-supplied HTML and script code in the context of the affected  application, potentially allowing the attacker to steal cookie-based  authentication credentials or control how the page is rendered to the  user. Other attacks are also possible. \nThe following products are vulnerable:\nFortiManager 5.0.0 through 5.0.11 and 5.2.0 through 5.2.2 are vulnerable. \nFortiAnalyzer 5.0.0 through 5.0.12 and  5.2.0 through 5.2.2 are vulnerable. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in Fortinet FortiManager and Fortinet FortiAnalyzer. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. The following versions are affected: Fortinet FortiManager versions 5.0.0 to 5.0.11, versions 5.2.0 to 5.2.2; Fortinet FortiAnalyzer versions 5.0.0 to 5.0.12, versions 5.2.0 to 5.2.2",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "BID",
        "id": "93413"
      },
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-7363",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "93413",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1036982",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1036981",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2016.2340",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-85324",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "db": "BID",
        "id": "93413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "id": "VAR-201610-0305",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:19:39.372000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiAnalyzer and FortiManager stored XSS vulnerability in report filters",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
      },
      {
        "title": "Fortinet FortiManager  and Fortinet FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64542"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93413"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036981"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036982"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7363"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7363"
      },
      {
        "trust": 0.6,
        "url": "http://www.auscert.org.au/./render.html?it=39342"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "db": "BID",
        "id": "93413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "db": "BID",
        "id": "93413"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "BID",
        "id": "93413"
      },
      {
        "date": "2016-10-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "date": "2016-10-07T14:59:02.677000",
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "date": "2016-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-85324"
      },
      {
        "date": "2016-10-10T00:05:00",
        "db": "BID",
        "id": "93413"
      },
      {
        "date": "2016-10-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      },
      {
        "date": "2017-07-30T01:29:00.723000",
        "db": "NVD",
        "id": "CVE-2015-7363"
      },
      {
        "date": "2016-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Appliance model with hard disk  Fortinet FortiManager and  FortiAnalyzer Cross-site scripting vulnerability in Advanced Settings page",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007284"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-117"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0834
Vulnerability from variot

A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. FortiManager Contains a cross-site scripting vulnerability.The information may be obtained and the information may be altered. FortiManager is prone to following security vulnerabilities: 1. A remote privilege-escalation vulnerability 2. An HTML-injection vulnerability 3. An SQL-injection vulnerability 4. A local privilege-escalation vulnerability 5. An arbitrary file-download vulnerability Exploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0834",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8",
        "version": "fortimanager  firmware  5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.10",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.2.1",
                "versionStartIncluding": "5.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Maksymilian Motyl and the ITN Security Team at Orange Polska",
    "sources": [
      {
        "db": "BID",
        "id": "74444"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-3612",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3612",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-81573",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-3612",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3612",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-056",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81573",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. FortiManager Contains a cross-site scripting vulnerability.The information may be obtained and the information may be altered. FortiManager is prone to following security vulnerabilities:\n1. A remote privilege-escalation vulnerability\n2. An HTML-injection vulnerability\n3. An SQL-injection vulnerability\n4. A local privilege-escalation vulnerability\n5. An arbitrary file-download vulnerability\nExploiting these issues could allow an attacker to execute attacker-supplied HTML or script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, gain elevated privileges, or download arbitrary files from the web server and obtain potentially sensitive information. This may aid in other attacks. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3612",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "74444",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1032188",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-14765",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-81573",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "id": "VAR-202002-0834",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:03:42.486000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple\u00a0Vulnerabilities\u00a0in\u00a0FortiManager",
        "trust": 0.8,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "title": "Fortinet FortiManager Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109812"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://fortiguard.com/psirt/fg-ir-15-011"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/74444"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032188"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3612"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-011/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "db": "BID",
        "id": "74444"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "date": "2015-04-16T00:00:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "date": "2020-02-04T20:15:11.433000",
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "date": "2020-02-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81573"
      },
      {
        "date": "2017-08-25T07:11:00",
        "db": "BID",
        "id": "74444"
      },
      {
        "date": "2020-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      },
      {
        "date": "2020-02-05T21:35:35.687000",
        "db": "NVD",
        "id": "CVE-2015-3612"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FortiManager\u00a0 Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-008560"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-056"
      }
    ],
    "trust": 0.6
  }
}

var-202206-0516
Vulnerability from variot

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202206-0516",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.15"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.17"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortisandbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.9"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.0"
      },
      {
        "model": "fortios",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.14"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.6"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.0"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.7"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.0.12"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "7.0.1"
      },
      {
        "model": "fortisandbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.1.5"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.1"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "4.0.0"
      },
      {
        "model": "fortios",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.6.10"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.1"
      },
      {
        "model": "fortisandbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.0.0"
      },
      {
        "model": "fortisandbox",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "3.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.12",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1.5",
                "versionStartIncluding": "3.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.15",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.17",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.14",
                "versionStartIncluding": "5.6.10",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.2.4",
                "versionStartIncluding": "3.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.7",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.7",
                "versionStartIncluding": "6.2.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.6",
                "versionStartIncluding": "6.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.2.11",
                "versionStartIncluding": "6.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.12",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      }
    ]
  },
  "cve": "CVE-2022-22305",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "psirt@fortinet.com",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-22305",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "psirt@fortinet.com",
            "id": "CVE-2022-22305",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202206-753",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An improper certificate validation vulnerability [CWE-295] in\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\u00a0man-in-the-middle the communication between the listed products and some external peers",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22305"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305",
        "trust": 1.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2022060801",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-22305",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22305"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "id": "VAR-202206-0516",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.37698412
  },
  "last_update_date": "2023-12-18T12:54:59.310000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple Fortinet Repair measures for product trust management problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195166"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.1,
        "url": "https://fortiguard.com/psirt/fg-ir-18-292"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/fortios-fortianalyzer-fortimanager-man-in-the-middle-38526"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022060801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22305"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-22305"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22305"
      },
      {
        "date": "2023-09-01T12:15:08.363000",
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "date": "2022-06-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-09-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-22305"
      },
      {
        "date": "2023-11-07T03:43:51.810000",
        "db": "NVD",
        "id": "CVE-2022-22305"
      },
      {
        "date": "2022-06-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Fortinet Product Trust Management Issue Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202206-753"
      }
    ],
    "trust": 0.6
  }
}

var-201506-0497
Vulnerability from variot

The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. OpenSSL is prone to a denial-of-service vulnerability. An attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS).

HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP IceWall. If still using the OpenSSL bundled with HP IceWall, please apply the latest OS vendor security patches for OpenSSL and switch to the OpenSSL library bundled with the OS.

Documents are available at the following location with instructions to switch to the OS bundled OpenSSL library:

http://www.hp.com/jp/icewall_patchaccess

Note: The HP IceWall product is only available in Japan.

Release Date: 2015-08-05 Last Updated: 2015-08-05

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running OpenSSL with SSL/TLS enabled.

This is the TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman key exchange known as Logjam which could be exploited remotely resulting in disclosure of information.

References:

CVE-2015-4000: DHE man-in-the-middle protection (Logjam).

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2015-4000 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-1793 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided an updated version of OpenSSL to resolve this vulnerability.

A new B.11.31 depot for OpenSSL_A.01.00.01p is available here:

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber =OPENSSL11I

MANUAL ACTIONS: Yes - Update

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX B.11.31

openssl.OPENSSL-CER openssl.OPENSSL-CONF openssl.OPENSSL-DOC openssl.OPENSSL-INC openssl.OPENSSL-LIB openssl.OPENSSL-MAN openssl.OPENSSL-MIS openssl.OPENSSL-PRNG openssl.OPENSSL-PVT openssl.OPENSSL-RUN openssl.OPENSSL-SRC action: install revision A.01.00.01p or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 5 August 2015 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssl security update Advisory ID: RHSA-2015:1115-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1115.html Issue date: 2015-06-15 CVE Names: CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 =====================================================================

  1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes() function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax (CMS) messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. (CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. (CVE-2015-1790)

Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Böck as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Käsper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.

All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression 1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time 1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent 1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function 1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket 1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-1.0.1e-30.el6_6.11.ppc.rpm openssl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc.rpm openssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-1.0.1e-30.el6_6.11.s390.rpm openssl-1.0.1e-30.el6_6.11.s390x.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-devel-1.0.1e-30.el6_6.11.s390.rpm openssl-devel-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

ppc64: openssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm openssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm openssl-static-1.0.1e-30.el6_6.11.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm openssl-perl-1.0.1e-30.el6_6.11.s390x.rpm openssl-static-1.0.1e-30.el6_6.11.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: openssl-1.0.1e-30.el6_6.11.src.rpm

i386: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-1.0.1e-30.el6_6.11.i686.rpm openssl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-devel-1.0.1e-30.el6_6.11.i686.rpm openssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: openssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm openssl-perl-1.0.1e-30.el6_6.11.i686.rpm openssl-static-1.0.1e-30.el6_6.11.i686.rpm

x86_64: openssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm openssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm openssl-static-1.0.1e-30.el6_6.11.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

ppc64: openssl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc.rpm openssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc.rpm openssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-1.0.1e-42.el7_1.8.s390x.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-devel-1.0.1e-42.el7_1.8.s390.rpm openssl-devel-1.0.1e-42.el7_1.8.s390x.rpm openssl-libs-1.0.1e-42.el7_1.8.s390.rpm openssl-libs-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: openssl-1.0.1e-42.ael7b_1.8.src.rpm

ppc64le: openssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: openssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm openssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm openssl-static-1.0.1e-42.el7_1.8.ppc.rpm openssl-static-1.0.1e-42.el7_1.8.ppc64.rpm

s390x: openssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm openssl-perl-1.0.1e-42.el7_1.8.s390x.rpm openssl-static-1.0.1e-42.el7_1.8.s390.rpm openssl-static-1.0.1e-42.el7_1.8.s390x.rpm

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: openssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm openssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: openssl-1.0.1e-42.el7_1.8.src.rpm

x86_64: openssl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-devel-1.0.1e-42.el7_1.8.i686.rpm openssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm openssl-libs-1.0.1e-42.el7_1.8.i686.rpm openssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: openssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm openssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm openssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm openssl-static-1.0.1e-42.el7_1.8.i686.rpm openssl-static-1.0.1e-42.el7_1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2014-8176 https://access.redhat.com/security/cve/CVE-2015-1789 https://access.redhat.com/security/cve/CVE-2015-1790 https://access.redhat.com/security/cve/CVE-2015-1791 https://access.redhat.com/security/cve/CVE-2015-1792 https://access.redhat.com/security/cve/CVE-2015-3216 https://access.redhat.com/security/updates/classification/#moderate https://www.openssl.org/news/secadv_20150611.txt

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk ZyXizCcFL9oAQexObjxp/Mo= =PXiY -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [11 Jun 2015] =======================================

DHE man-in-the-middle protection (Logjam)

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography. This vulnerability is known as Logjam (CVE-2015-4000).

OpenSSL has added protection for TLS clients by rejecting handshakes with DH parameters shorter than 768 bits. This limit will be increased to 1024 bits in a future release.

Malformed ECParameters causes infinite loop (CVE-2015-1788)

Severity: Moderate

When processing an ECParameters structure OpenSSL enters an infinite loop if the curve specified is over a specially malformed binary polynomial field.

This can be used to perform denial of service against any system which processes public keys, certificate requests or certificates. This includes TLS clients and TLS servers with client authentication enabled.

This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are affected.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s OpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The fix was developed by Andy Polyakov of the OpenSSL development team.

Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)

Severity: Moderate

X509_cmp_time does not properly check the length of the ASN1_TIME string and can read a few bytes out of bounds. In addition, X509_cmp_time accepts an arbitrary number of fractional seconds in the time string.

An attacker can use this to craft malformed certificates and CRLs of various sizes and potentially cause a segmentation fault, resulting in a DoS on applications that verify certificates or CRLs. TLS clients that verify CRLs are affected. TLS clients and servers with client authentication enabled may be affected if they use custom verification callbacks.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki (Google), and independently on 11th April 2015 by Hanno Böck. The fix was developed by Emilia Käsper of the OpenSSL development team.

PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)

Severity: Moderate

The PKCS#7 parsing code does not handle missing inner EncryptedContent correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a NULL pointer dereference on parsing.

Applications that decrypt PKCS#7 data or otherwise parse PKCS#7 structures from untrusted sources are affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 18th April 2015 by Michal Zalewski (Google). The fix was developed by Emilia Käsper of the OpenSSL development team.

This can be used to perform denial of service against any system which verifies signedData messages using the CMS code.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2b OpenSSL 1.0.1 users should upgrade to 1.0.1n OpenSSL 1.0.0 users should upgrade to 1.0.0s OpenSSL 0.9.8 users should upgrade to 0.9.8zg

This issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The fix was developed by Matt Caswell of the OpenSSL development team. It existed in previous OpenSSL versions and was fixed in June 2014.

If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a segmentation fault or potentially, memory corruption.

This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.

This issue was originally reported on March 28th 2014 in https://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen Kariyanahalli, and subsequently by Ivan Fratric and Felix Groebert (Google). A fix was developed by zhu qun-ying.

The fix for this issue can be identified by commits bcc31166 (1.0.1), b79e6e3a (1.0.0) and 4b258e73 (0.9.8).

Note

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these releases will be provided after that date. Users of these releases are advised to upgrade.

References

URL for this Security Advisory: https://www.openssl.org/news/secadv_20150611.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0497",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.2a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "openssl",
        "version": "1.0.1f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0p"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0i"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0f"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1e"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1b"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1c"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0g"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1d"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0e"
      },
      {
        "model": "openssl",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zf"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1a"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0h"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1h"
      },
      {
        "model": "junos 12.1x44-d20",
        "scope": null,
        "trust": 0.9,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x46-d25",
        "scope": null,
        "trust": 0.6,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "3.0"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network controller 1.0.3361m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3.0.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.2"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.211"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.8.0.0"
      },
      {
        "model": "junos 12.1x44-d33",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.22",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "project openssl 1.0.0d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "project openssl 1.0.1a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "junos 12.1x47-d25",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "insight orchestration",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 14.1r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.11"
      },
      {
        "model": "version control agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "open source siem",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "one-x client enablement services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.1"
      },
      {
        "model": "rational automation framework ifix4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "junos 13.3r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "cms r16.3",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.2"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.2"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1209"
      },
      {
        "model": "project openssl k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "netinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "storwize unified",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.2"
      },
      {
        "model": "project openssl 1.0.0g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.6"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "ascenlink",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "7.2.3"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.16"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "rational automation framework ifix5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "insight control server provisioning",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "junos 12.1x44-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3361"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "hp-ux b.11.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13-34"
      },
      {
        "model": "junos 12.1x44-d51",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.7"
      },
      {
        "model": "sametime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.0.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "project openssl 0.9.8zb",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.15"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.9"
      },
      {
        "model": "workflow for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "filenet system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "junos 12.1x44-d34",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "junos 13.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "imc products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1.2"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "aura system platform sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.1"
      },
      {
        "model": "project openssl 0.9.8w",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.1x47-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.2.77"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.16-37"
      },
      {
        "model": "junos 12.1x44-d50",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.4"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server eus 6.6.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "junos 14.1r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.11"
      },
      {
        "model": "project openssl 1.0.0m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.27"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "project openssl 1.0.1g",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.4"
      },
      {
        "model": "communications security gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "qradar incident forensics mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.0"
      },
      {
        "model": "project openssl 0.9.8m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "project openssl j",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos 12.3x48-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.4-23"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.25-57"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-43"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0.0.52"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.0.3"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.10.38"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.12"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.913"
      },
      {
        "model": "filenet system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5.0.3"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.00"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "project openssl 1.0.0h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 12.3x48-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere master data management patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.33"
      },
      {
        "model": "junos 12.3r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1n",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.10"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.6"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.10"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos d30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "enterprise content management system monitor fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2.02"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "screenos 6.3.0r21",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.10"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5"
      },
      {
        "model": "aura communication manager ssp04",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.11-28"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.7"
      },
      {
        "model": "project openssl 0.9.8r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.3"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 15.1r2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.2.3"
      },
      {
        "model": "project openssl 0.9.8n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "icewall sso agent option",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.8"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network controller 1.0.3350m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.1"
      },
      {
        "model": "project openssl 0.9.8y",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.3.0.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.03"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "junos 14.2r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.1"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "rational policy tester",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "qradar siem mr2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "junos 14.1r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.1"
      },
      {
        "model": "message networking",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.0"
      },
      {
        "model": "project openssl 1.0.0l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "general parallel file system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.7"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.0"
      },
      {
        "model": "enterprise content management system monitor interim fix",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.0.3"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "project openssl 1.0.2b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.3"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.68"
      },
      {
        "model": "one-x client enablement services sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "fortimail",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.10"
      },
      {
        "model": "screenos 6.3.0r19",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "cloud manager fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.32"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.8.0"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "project openssl 0.9.8p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos 13.3r4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "junos 12.3r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.14"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "security proventia network enterprise scanner",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.3"
      },
      {
        "model": "security access manager for web appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "powerkvm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "aura conferencing sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.0.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.2"
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "junos 12.1x46-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.08"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.9.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15-36"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.6"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "security network controller 1.0.3387m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "junos 12.1x44-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d40",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "junos 12.1x44-d30.4",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "junos 15.1r1",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network controller 1.0.3379m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "project openssl 0.9.8za",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "junos d20",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "meeting exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "50"
      },
      {
        "model": "exalogic infrastructure eecs",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.0.6.2.3"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.213"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.14"
      },
      {
        "model": "project openssl 0.9.8q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1.1"
      },
      {
        "model": "infosphere master data management provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.8"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.6"
      },
      {
        "model": "hp-ux b.11.11.16.09",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.13"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.12.3"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "5.3"
      },
      {
        "model": "screenos 6.3.0r22",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.4"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "rational automation framework",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry fixpack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.413"
      },
      {
        "model": "junos 12.1x46-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.34"
      },
      {
        "model": "project openssl 1.0.1c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.1"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1768"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8v"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.1f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.2a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.12"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.16"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.4.1"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.2919"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.0.2"
      },
      {
        "model": "fortiweb",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.3.3"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "hp-ux b.11.11.13.14",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "junos 14.1r6",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3.16"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "cms r17",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.5"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.1"
      },
      {
        "model": "aura utility services sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3.0.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "project openssl 0.9.8ze",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "comware products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "70"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.15"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.1.1"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "meeting exchange sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "project openssl 1.0.0o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tivoli workload scheduler for applications fp02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.4"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "fortirecorder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.5.0.0"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.7"
      },
      {
        "model": "hp-ux b.11.23.1.007",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.0"
      },
      {
        "model": "cloud manager if fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.252"
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "forticlient windows/mac",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.2.0.1"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.3.0.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.29-9"
      },
      {
        "model": "screenos 6.3.0r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.1"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.8"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3387"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0.64"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "security network controller 1.0.3352m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "security identity governance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "cloud manager if fp",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.144"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.2.8"
      },
      {
        "model": "aura system manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational software architect for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "project openssl 0.9.8l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "enterprise session border controller ecz7.3m2p2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "version control repository manager 7.4.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "ds8870 r7.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "project openssl h",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.3"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.2.0"
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.1"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.411"
      },
      {
        "model": "sdk for node.js for bluemix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "0.12.4"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.0"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.18"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.3"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.12"
      },
      {
        "model": "project openssl i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.4.0.4.0"
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "junos 13.2x51-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "linux x86 64 -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.17"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 1.0.0i",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r2",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "infosphere guardium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.0.3"
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.9.0.0"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "fortivoice enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0.6"
      },
      {
        "model": "junos d10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "junos 12.1x46-d35",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.0"
      },
      {
        "model": "i v5r4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.8.3"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.1"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1.1"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "hp-ux b.11.11.02.008",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.6"
      },
      {
        "model": "junos 12.1x44-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1.11"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.16"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.13"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.3.9.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.4"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.0"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "i v5r3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.0"
      },
      {
        "model": "project openssl 1.0.0e",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 12.1x46-d55",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "meeting exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.2"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "netinsight",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6.0.14"
      },
      {
        "model": "junos 12.1x47-d11",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "system management homepage",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.5"
      },
      {
        "model": "websphere mq",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.4"
      },
      {
        "model": "project openssl c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x46"
      },
      {
        "model": "junos 12.3r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.3r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura collaboration environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "2.0"
      },
      {
        "model": "sdk for node.js",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.15"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8x"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.01"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "fortisandbox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "2.0"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "icewall sso dfw",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "10.0"
      },
      {
        "model": "project openssl 0.9.8zg",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 14.2r4",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.12"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2.2"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.11"
      },
      {
        "model": "junos 13.2x51-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "powerkvm build",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.157"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "junos 13.2x51-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3"
      },
      {
        "model": "project openssl 0.9.8t",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.3"
      },
      {
        "model": "virtual connect enterprise manager sdk",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.3"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.1"
      },
      {
        "model": "junos 12.1x47-d20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos d25",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "security network intrusion prevention system gx5108-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.1"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.6"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "qradar siem mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "datapower gateways",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.1"
      },
      {
        "model": "project openssl 1.0.0c",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2.0.0"
      },
      {
        "model": "security appscan enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.3"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "3.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "project openssl 1.0.0s",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.1.3"
      },
      {
        "model": "junos d35",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x44"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4.0.1"
      },
      {
        "model": "vcx products",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "0"
      },
      {
        "model": "ip office application server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.02"
      },
      {
        "model": "qradar incident forensics",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.2"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "aura application server sip core pb3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "junos 12.1x47-d45",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.15"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.2.0.2"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "7"
      },
      {
        "model": "qradar siem mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "security network controller 1.0.3381m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "enterprise content management system monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gx7412-05",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "project openssl 1.0.0f",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "project openssl d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.9"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "junos 12.1x44-d40",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.13"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.2"
      },
      {
        "model": "project openssl 1.0.0j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "project openssl 1.0.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.1m",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "13.1"
      },
      {
        "model": "junos 12.1x46-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.5"
      },
      {
        "model": "hp-ux b.11.11.17.02",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "aura experience portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.11"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.1.0.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "screenos 6.3.0r13",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.2"
      },
      {
        "model": "aura presence services sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "initiate master data service provider hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.7"
      },
      {
        "model": "aura presence services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.18-49"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "smartcloud entry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.01"
      },
      {
        "model": "fortiddos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.1.5"
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.2"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.3"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.0"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.5"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.6"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.1.1"
      },
      {
        "model": "project openssl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.6"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "hp-ux b.11.00",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura system manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1.0.3"
      },
      {
        "model": "rational insight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.1.5"
      },
      {
        "model": "forticlient ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.2"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.13-41"
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.0.9"
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "14.0"
      },
      {
        "model": "project openssl 0.9.8zf",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "forticlient android",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "project openssl 1.0.1j",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl f",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "sonas",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.2.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "hp-ux b.11.23.07.04",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "version control repository manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.2"
      },
      {
        "model": "tivoli workload scheduler for applications fp01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "qradar incident forensics mr3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2"
      },
      {
        "model": "initiate master data service patient hub",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3.0"
      },
      {
        "model": "aura conferencing sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.1"
      },
      {
        "model": "junos 12.3x48-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "project openssl 1.0.1d",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.5"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "unified security management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.3"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3381"
      },
      {
        "model": "rational software architect",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.3"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.10"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.9-34"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.15"
      },
      {
        "model": "aura application server sip core pb5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.1"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.11"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "aura session manager sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.02"
      },
      {
        "model": "project openssl 1.0.0p",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.2.1"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "junos 12.1x46-d40",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.3"
      },
      {
        "model": "junos 12.3r11",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.13"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.09"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "aura presence services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.0"
      },
      {
        "model": "security network intrusion prevention system gx3002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.1"
      },
      {
        "model": "commerce experience manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.5.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.2"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.0.1"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "screenos 6.3.0r20",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "security network intrusion prevention system gv200",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "junos 13.3r7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.5"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "power hmc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1.0.0"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.5.1.3"
      },
      {
        "model": "project openssl 0.9.8zc",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0.1"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.4"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.2"
      },
      {
        "model": "project openssl 1.0.0n",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.0"
      },
      {
        "model": "insight control server provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4.1"
      },
      {
        "model": "junos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "12.1x47"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.5"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.3"
      },
      {
        "model": "infosphere guardium for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.0"
      },
      {
        "model": "aura session manager sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura application enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "rational developer for i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1.1"
      },
      {
        "model": "project openssl 1.0.0r",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 15.1x49-d10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2.0"
      },
      {
        "model": "insight control",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.3.1"
      },
      {
        "model": "aura conferencing sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "forticache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3376"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2.1.0.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.5"
      },
      {
        "model": "messagesight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1"
      },
      {
        "model": "aura application server sip core sp10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.18-42"
      },
      {
        "model": "server migration pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "linux x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.37"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.41"
      },
      {
        "model": "aura application server sip core",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "53003.0"
      },
      {
        "model": "project openssl 0.9.8zd",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.2"
      },
      {
        "model": "tivoli workload scheduler for applications",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "security network intrusion prevention system gx5008-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "virtual connect enterprise manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.1"
      },
      {
        "model": "junos 14.1r5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "websphere mq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0.0.2"
      },
      {
        "model": "insight control",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "aura experience portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "workload deployer if9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.0.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.5"
      },
      {
        "model": "project openssl 1.0.1k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "one-x client enablement services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.1"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2.010"
      },
      {
        "model": "rational application developer for websphere software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0.1"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "aura messaging",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "version control agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "aura system manager sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.10"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.5"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "project openssl 0.9.8o",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.2"
      },
      {
        "model": "server migration pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.13"
      },
      {
        "model": "linux -current",
        "scope": null,
        "trust": 0.3,
        "vendor": "slackware",
        "version": null
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.4.1.2"
      },
      {
        "model": "project openssl e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "openssl",
        "version": "0.9.8"
      },
      {
        "model": "project openssl 1.0.1b",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 1.0.0k",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "tealeaf customer experience",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0.2"
      },
      {
        "model": "aura system platform sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.0.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.1"
      },
      {
        "model": "junos 12.3r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.4"
      },
      {
        "model": "smartcloud provisioning",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.12"
      },
      {
        "model": "cognos metrics manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "10.2.2"
      },
      {
        "model": "matrix operating environment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.1"
      },
      {
        "model": "aura conferencing",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "security proventia network active bypass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1876"
      },
      {
        "model": "security network intrusion prevention system gx7412",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "16.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "4.2"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.6"
      },
      {
        "model": "qradar siem patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.43"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3.0.1.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "13.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "aura system platform sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.6.0"
      },
      {
        "model": "infosphere master data management standard/advanced edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "11.4"
      },
      {
        "model": "qradar siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.3"
      },
      {
        "model": "ip office server edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx5208-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "fsso build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "235"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3"
      },
      {
        "model": "sterling b2b integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "junos 12.1x44-d26",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "hp-ux b.11.11.14.15",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "proactive contact",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.1"
      },
      {
        "model": "fortiap",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "junos 12.1x44-d35.5",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "one-x client enablement services sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "sametime unified telephony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5.2"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "project openssl 0.9.8s",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "aura communication manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "security network intrusion prevention system gx4002",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "security privileged identity manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.1"
      },
      {
        "model": "security network intrusion prevention system gx5208",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "sterling connect:direct for hp nonstop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.6"
      },
      {
        "model": "fortiadc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.2"
      },
      {
        "model": "junos 12.3x48-d30",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "security network intrusion prevention system gx5108",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.2"
      },
      {
        "model": "security network intrusion prevention system gx7412-10",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "aura system platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0.1"
      },
      {
        "model": "secure backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.5"
      },
      {
        "model": "security network intrusion prevention system gv1000",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "aura utility services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "workload deployer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.12"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.1.2"
      },
      {
        "model": "sdk for node.js",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.1.0.12"
      },
      {
        "model": "commerce guided search",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.3"
      },
      {
        "model": "cloud manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.0.4"
      },
      {
        "model": "security network controller 1.0.3376m",
        "scope": null,
        "trust": 0.3,
        "vendor": "ibm",
        "version": null
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.3"
      },
      {
        "model": "mysql enterprise backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "4.0.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.2.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.9"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.3.3.1"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "tivoli common reporting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1.1"
      },
      {
        "model": "operations agent",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "12.01"
      },
      {
        "model": "unified security management",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "5.0.4"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "rational automation framework ifix1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.0.15"
      },
      {
        "model": "security network controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.0.3379"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "junos 13.2x51-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "matrix operating environment",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.1"
      },
      {
        "model": "predictiveinsight",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.2"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.0.0"
      },
      {
        "model": "endpoint manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.2.7"
      },
      {
        "model": "junos 12.1x46-d36",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d25",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ip office application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "datapower gateways",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0.0.8"
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5"
      },
      {
        "model": "security access manager for mobile",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "hp-ux b.11.11.15.13",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "aura conferencing sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.2"
      },
      {
        "model": "security network intrusion prevention system gx4004-v2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6.1"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.05"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.6"
      },
      {
        "model": "open source siem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alienvault",
        "version": "4.14"
      },
      {
        "model": "campaign",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.0.2"
      },
      {
        "model": "qradar incident forensics patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.2.41"
      },
      {
        "model": "communication server 1000m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3"
      },
      {
        "model": "infosphere information server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.7"
      },
      {
        "model": "session border controller for enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.0"
      },
      {
        "model": "operations agent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "11.12"
      },
      {
        "model": "communication server 1000e signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.0"
      },
      {
        "model": "sonas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "1.5.0.2"
      },
      {
        "model": "security network intrusion prevention system gx5008",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.3"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.4"
      },
      {
        "model": "insight orchestration",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.0"
      },
      {
        "model": "junos 15.1x49-d20",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 14.2r3",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fortiauthenticator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.1"
      },
      {
        "model": "security network intrusion prevention system gx6116",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.6"
      },
      {
        "model": "aura messaging sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.2"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "icewall mcrp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.0"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.3"
      },
      {
        "model": "iq",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "5.1"
      },
      {
        "model": "system management homepage",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1.1"
      },
      {
        "model": "junos 12.1x46-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "systems insight manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "6.2"
      },
      {
        "model": "aura session manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.1.7"
      },
      {
        "model": "junos 12.1x47-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 12.1x44-d32",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos 13.2x51-d30",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "project openssl 1.0.1l",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "websphere cast iron",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.4"
      },
      {
        "model": "security network intrusion prevention system gx7800",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.4"
      },
      {
        "model": "communication server 1000m signaling server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "initiate master data service",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.1"
      },
      {
        "model": "security network intrusion prevention system gx4004",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "rational team concert",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "systems insight manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.5.0"
      },
      {
        "model": "aura system manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.3.4"
      },
      {
        "model": "version control repository manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "7.3.4"
      },
      {
        "model": "communication server 1000e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "7.5"
      },
      {
        "model": "project openssl 1.0.0q",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "project openssl 0.9.8u",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "junos 12.3r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "contactoptimization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.0"
      },
      {
        "model": "project openssl 1.0.1h",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "smartcloud entry fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.214"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "15.04"
      },
      {
        "model": "project openssl 1.0.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "qradar siem mr2 patch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.19"
      },
      {
        "model": "junos 12.1x44-d15",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8zf",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0q:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0r:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HP",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-1790",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-1790",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-1790",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-246",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-1790",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data. OpenSSL is prone to a denial-of-service vulnerability. \nAn attacker may exploit this issue to crash the application, resulting in denial-of-service conditions. The vulnerabilities could be exploited remotely\nresulting in Denial of Service (DoS). \n\n  HP IceWall SSO Dfw v10.0 and Certd v10.0, which are running on RHEL, could\nbe using either the OS bundled OpenSSL library or the OpenSSL bundled with HP\nIceWall. If still using the OpenSSL bundled with HP IceWall, please apply the\nlatest OS vendor security patches for OpenSSL and switch to the OpenSSL\nlibrary bundled with the OS. \n\n  Documents are available at the following location with instructions to\nswitch to the OS bundled OpenSSL library:\n\n    http://www.hp.com/jp/icewall_patchaccess\n\n  Note: The HP IceWall product is only available in Japan. \n\nRelease Date: 2015-08-05\nLast Updated: 2015-08-05\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running\nOpenSSL with SSL/TLS enabled. \n\nThis is the TLS vulnerability using US export-grade 512-bit keys in\nDiffie-Hellman key exchange known as Logjam which could be exploited remotely\nresulting in disclosure of information. \n\nReferences:\n\nCVE-2015-4000: DHE man-in-the-middle protection (Logjam). \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2015-4000    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2015-1788    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1789    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2015-1790    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1791    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\nCVE-2015-1792    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2015-1793    (AV:N/AC:L/Au:N/C:P/I:P/A:N)       6.4\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided an updated version of OpenSSL to resolve this vulnerability. \n\nA new B.11.31 depot for OpenSSL_A.01.00.01p is available here:\n\nhttps://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber\n=OPENSSL11I\n\nMANUAL ACTIONS: Yes - Update\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see: https://www.hp.com/go/swa\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.31\n==================\nopenssl.OPENSSL-CER\nopenssl.OPENSSL-CONF\nopenssl.OPENSSL-DOC\nopenssl.OPENSSL-INC\nopenssl.OPENSSL-LIB\nopenssl.OPENSSL-MAN\nopenssl.OPENSSL-MIS\nopenssl.OPENSSL-PRNG\nopenssl.OPENSSL-PVT\nopenssl.OPENSSL-RUN\nopenssl.OPENSSL-SRC\naction: install revision A.01.00.01p or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 5 August 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssl security update\nAdvisory ID:       RHSA-2015:1115-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1115.html\nIssue date:        2015-06-15\nCVE Names:         CVE-2014-8176 CVE-2015-1789 CVE-2015-1790 \n                   CVE-2015-1791 CVE-2015-1792 CVE-2015-3216 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nAn invalid free flaw was found in the way OpenSSL handled certain DTLS\nhandshake messages. A malicious DTLS client or server could cause a DTLS\nserver or client using OpenSSL to crash or, potentially, execute arbitrary\ncode. (CVE-2014-8176)\n\nA flaw was found in the way the OpenSSL packages shipped with Red Hat\nEnterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()\nfunction. This issue could possibly cause a multi-threaded application\nusing OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)\n\nAn out-of-bounds read flaw was found in the X509_cmp_time() function of\nOpenSSL. A specially crafted X.509 certificate or a Certificate Revocation\nList (CRL) could possibly cause a TLS/SSL server or client using OpenSSL\nto crash. (CVE-2015-1789)\n\nA race condition was found in the session handling code of OpenSSL. This\nissue could possibly cause a multi-threaded TLS/SSL client using OpenSSL\nto double free session ticket data and crash. (CVE-2015-1791)\n\nA flaw was found in the way OpenSSL handled Cryptographic Message Syntax\n(CMS) messages. A CMS message with an unknown hash function identifier\ncould cause an application using OpenSSL to enter an infinite loop. \n(CVE-2015-1792)\n\nA NULL pointer dereference was found in the way OpenSSL handled certain\nPKCS#7 inputs. A specially crafted PKCS#7 input with missing\nEncryptedContent data could cause an application using OpenSSL to crash. \n(CVE-2015-1790)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and\nCVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan\nFratric as the original reporters of CVE-2014-8176, Robert Swiecki and\nHanno B\u00f6ck as the original reporters of CVE-2015-1789, Michal Zalewski as\nthe original reporter of CVE-2015-1790, Emilia K\u00e4sper as the original\nreport of  CVE-2015-1791 and Johannes Bauer as the original reporter of\nCVE-2015-1792. \n\nAll openssl users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library must be restarted, or\nthe system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression\n1228603 - CVE-2015-1789 OpenSSL: out-of-bounds read in X509_cmp_time\n1228604 - CVE-2015-1790 OpenSSL: PKCS7 crash with missing EnvelopedContent\n1228607 - CVE-2015-1792 OpenSSL: CMS verify infinite loop with unknown hash function\n1228608 - CVE-2015-1791 OpenSSL: Race condition handling NewSessionTicket\n1228611 - CVE-2014-8176 OpenSSL: Invalid free in DTLS\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.ppc64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.s390x.rpm\nopenssl-static-1.0.1e-30.el6_6.11.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-30.el6_6.11.src.rpm\n\ni386:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-devel-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.i686.rpm\nopenssl-static-1.0.1e-30.el6_6.11.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-perl-1.0.1e-30.el6_6.11.x86_64.rpm\nopenssl-static-1.0.1e-30.el6_6.11.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nppc64:\nopenssl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.1e-42.ael7b_1.8.src.rpm\n\nppc64le:\nopenssl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-devel-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-libs-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.ppc64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc.rpm\nopenssl-static-1.0.1e-42.el7_1.8.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.s390x.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390.rpm\nopenssl-static-1.0.1e-42.el7_1.8.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nopenssl-debuginfo-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-perl-1.0.1e-42.ael7b_1.8.ppc64le.rpm\nopenssl-static-1.0.1e-42.ael7b_1.8.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.1e-42.el7_1.8.src.rpm\n\nx86_64:\nopenssl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-devel-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-libs-1.0.1e-42.el7_1.8.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-debuginfo-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-perl-1.0.1e-42.el7_1.8.x86_64.rpm\nopenssl-static-1.0.1e-42.el7_1.8.i686.rpm\nopenssl-static-1.0.1e-42.el7_1.8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-8176\nhttps://access.redhat.com/security/cve/CVE-2015-1789\nhttps://access.redhat.com/security/cve/CVE-2015-1790\nhttps://access.redhat.com/security/cve/CVE-2015-1791\nhttps://access.redhat.com/security/cve/CVE-2015-1792\nhttps://access.redhat.com/security/cve/CVE-2015-3216\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVf0NNXlSAg2UNWIIRArL4AJ9e7lbD/4Nks5midR5o3E4Bs5lQWQCgnrvk\nZyXizCcFL9oAQexObjxp/Mo=\n=PXiY\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. OpenSSL Security Advisory [11 Jun 2015]\n=======================================\n\nDHE man-in-the-middle protection (Logjam)\n====================================================================\n\nA vulnerability in the TLS protocol allows a man-in-the-middle\nattacker to downgrade vulnerable TLS connections using ephemeral\nDiffie-Hellman key exchange to 512-bit export-grade cryptography. This\nvulnerability is known as Logjam (CVE-2015-4000). \n\nOpenSSL has added protection for TLS clients by rejecting handshakes\nwith DH parameters shorter than 768 bits. This limit will be increased\nto 1024 bits in a future release. \n\nMalformed ECParameters causes infinite loop (CVE-2015-1788)\n===========================================================\n\nSeverity: Moderate\n\nWhen processing an ECParameters structure OpenSSL enters an infinite loop if\nthe curve specified is over a specially malformed binary polynomial field. \n\nThis can be used to perform denial of service against any\nsystem which processes public keys, certificate requests or\ncertificates.  This includes TLS clients and TLS servers with\nclient authentication enabled. \n\nThis issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent\n1.0.0 and 0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are\naffected. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0d (and below) users should upgrade to 1.0.0s\nOpenSSL 0.9.8r (and below) users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 6th April 2015 by Joseph Birr-Pixton. The\nfix was developed by Andy Polyakov of the OpenSSL development team. \n\nExploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)\n===============================================================\n\nSeverity: Moderate\n\nX509_cmp_time does not properly check the length of the ASN1_TIME\nstring and can read a few bytes out of bounds. In addition,\nX509_cmp_time accepts an arbitrary number of fractional seconds in the\ntime string. \n\nAn attacker can use this to craft malformed certificates and CRLs of\nvarious sizes and potentially cause a segmentation fault, resulting in\na DoS on applications that verify certificates or CRLs. TLS clients\nthat verify CRLs are affected. TLS clients and servers with client\nauthentication enabled may be affected if they use custom verification\ncallbacks. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 8th April 2015 by Robert Swiecki\n(Google), and independently on 11th April 2015 by Hanno B\u00f6ck. The fix\nwas developed by Emilia K\u00e4sper of the OpenSSL development team. \n\nPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)\n=========================================================\n\nSeverity: Moderate\n\nThe PKCS#7 parsing code does not handle missing inner EncryptedContent\ncorrectly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs\nwith missing content and trigger a NULL pointer dereference on parsing. \n\nApplications that decrypt PKCS#7 data or otherwise parse PKCS#7\nstructures from untrusted sources are affected. OpenSSL clients and\nservers are not affected. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 18th April 2015 by  Michal\nZalewski (Google). The fix was developed by Emilia K\u00e4sper of the\nOpenSSL development team. \n\nThis can be used to perform denial of service against any system which\nverifies signedData messages using the CMS code. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 1.0.2 users should upgrade to 1.0.2b\nOpenSSL 1.0.1 users should upgrade to 1.0.1n\nOpenSSL 1.0.0 users should upgrade to 1.0.0s\nOpenSSL 0.9.8 users should upgrade to 0.9.8zg\n\nThis issue was reported to OpenSSL on 31st March 2015 by Johannes Bauer. The\nfix was developed by Dr. Stephen Henson of the OpenSSL development team. \n\nThis issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. The\nfix was developed by Matt Caswell of the OpenSSL development team. It\nexisted in previous OpenSSL versions and was fixed in June 2014. \n\nIf a DTLS peer receives application data between the ChangeCipherSpec\nand Finished messages, buffering of such data may cause an invalid\nfree, resulting in a segmentation fault or potentially, memory\ncorruption. \n\nThis issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThis issue was originally reported on March 28th 2014 in\nhttps://rt.openssl.org/Ticket/Display.html?id=3286 by Praveen\nKariyanahalli, and subsequently by Ivan Fratric and Felix Groebert\n(Google). A fix was developed by zhu qun-ying. \n\nThe fix for this issue can be identified by commits bcc31166 (1.0.1),\nb79e6e3a (1.0.0) and 4b258e73 (0.9.8). \n\nNote\n====\n\nAs per our previous announcements and our Release Strategy\n(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions\n1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these\nreleases will be provided after that date. Users of these releases are advised\nto upgrade. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/about/secpolicy.html\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      }
    ],
    "trust": 1.89
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790",
        "trust": 2.7
      },
      {
        "db": "JUNIPER",
        "id": "JSA10694",
        "trust": 2.0
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 2.0
      },
      {
        "db": "BID",
        "id": "75157",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032564",
        "trust": 1.7
      },
      {
        "db": "MCAFEE",
        "id": "SB10122",
        "trust": 1.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-1790",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132637",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132973",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "132313",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136989",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137201",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169629",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "id": "VAR-201506-0497",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.2242063475
  },
  "last_update_date": "2024-06-17T11:09:37.934000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "openssl-1.0.0s",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56611"
      },
      {
        "title": "openssl-0.9.8zg",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56610"
      },
      {
        "title": "openssl-1.0.2b",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56613"
      },
      {
        "title": "openssl-1.0.1n",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=56612"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2016/07/06/hpe_rushes_out_patch_for_more_than_a_year_of_openssl_vulns/"
      },
      {
        "title": "Red Hat: CVE-2015-1790",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-1790"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2639-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-550",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-550"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720150611\u0027 Advisory Affects Tenable Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2015-07"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150612-openssl"
      },
      {
        "title": "Symantec Security Advisories: SA98 : OpenSSL Security Advisory 11-June-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a7350b0751124b5a44ba8dbd2df71f9f"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=8b701aba68029ec36b631a8e26157a22"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=69e9536e77203a3c76b24dd89f4f9300"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://www.openssl.org/news/secadv_20150611.txt"
      },
      {
        "trust": 2.1,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1115.html"
      },
      {
        "trust": 2.0,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10694"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150612-openssl"
      },
      {
        "trust": 1.7,
        "url": "https://github.com/openssl/openssl/commit/59302b600e8d5b77ef144e447bb046fd7ab72686"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131044"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05184351"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=143654156615516\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/75157"
      },
      {
        "trust": 1.7,
        "url": "https://openssl.org/news/secadv/20150611.txt"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.7,
        "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://bto.bluecoat.com/security-advisory/sa98"
      },
      {
        "trust": 1.7,
        "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
      },
      {
        "trust": 1.7,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05353965"
      },
      {
        "trust": 1.7,
        "url": "https://security.gentoo.org/glsa/201506-02"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
      },
      {
        "trust": 1.7,
        "url": "http://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2015-008.txt.asc"
      },
      {
        "trust": 1.7,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10122"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160647.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-june/160436.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.ubuntu.com/usn/usn-2639-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032564"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3287"
      },
      {
        "trust": 1.7,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1197.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1144-security-advisory-11"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.4,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.3,
        "url": "http://openssl.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022444"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965845"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/13"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733\u0026cat=sirt_1\u0026actp=list"
      },
      {
        "trust": 0.3,
        "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04739301"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05353965"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05184351"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/bugtraq/2015/aug/135"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022527"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022647"
      },
      {
        "trust": 0.3,
        "url": "http://www.ibm.com/support/docview.wss?uid=isg3t1022724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005313"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962520"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963232"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963954"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965415"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966252"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1022655"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012435"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101013879"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortiguard.com/advisory/fg-ir-15-014/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
      },
      {
        "trust": 0.3,
        "url": "https://downloads.avaya.com/css/p8/documents/101012547"
      },
      {
        "trust": 0.3,
        "url": "https://www.alienvault.com/forums/discussion/5438/security-advisory-alienvault-v5-0-4-addresses-31-vulnerabilities"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962519"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963964"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005375"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962039"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020862"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961800"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961633"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963096"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960713"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964033"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21965401"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020840"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962493"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962623"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=0\u0026uid=swg21963438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959518"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961438"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961569"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963270"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964113"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1005314"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961837"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963498"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964686"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966481"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966484"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966847"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966873"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967384"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968046"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968724"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968871"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970020"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970103"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970667"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971238"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21964030"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963603"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21966381"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.3,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-1790"
      },
      {
        "trust": 0.2,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.2,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2639-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hp.com/jp/icewall_patchaccess"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1793"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/swpublishing/mtx-b59b11be53744759a650eadeb4"
      },
      {
        "trust": 0.1,
        "url": "https://www.hp.com/go/sim"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightmanagement"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2019"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2020"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2018"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2021"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/secpolicy.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.openssl.org/about/releasestrat.html),"
      },
      {
        "trust": 0.1,
        "url": "https://rt.openssl.org/ticket/display.html?id=3286"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "db": "BID",
        "id": "75157"
      },
      {
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "date": "2015-06-11T00:00:00",
        "db": "BID",
        "id": "75157"
      },
      {
        "date": "2015-07-10T15:43:15",
        "db": "PACKETSTORM",
        "id": "132637"
      },
      {
        "date": "2015-08-06T10:10:00",
        "db": "PACKETSTORM",
        "id": "132973"
      },
      {
        "date": "2015-06-15T23:37:59",
        "db": "PACKETSTORM",
        "id": "132313"
      },
      {
        "date": "2016-05-13T16:14:13",
        "db": "PACKETSTORM",
        "id": "136989"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-05-26T09:22:00",
        "db": "PACKETSTORM",
        "id": "137201"
      },
      {
        "date": "2015-06-11T12:12:12",
        "db": "PACKETSTORM",
        "id": "169629"
      },
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "date": "2015-06-12T19:59:03.413000",
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-1790"
      },
      {
        "date": "2017-05-23T16:28:00",
        "db": "BID",
        "id": "75157"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      },
      {
        "date": "2022-12-13T12:15:15.290000",
        "db": "NVD",
        "id": "CVE-2015-1790"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL \u2018 PKCS7_dataDecode \u0027function denial of service vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-246"
      }
    ],
    "trust": 0.6
  }
}

var-201608-0276
Vulnerability from variot

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in the web-application in Fortinet FortiManager and FortiAnalyzer. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, 5.4.x prior to 5.4.1; FortiAnalyzer 5.x prior to 5.0.13, 5.2. 5.2.x prior to 6, 5.4.x prior to 5.4.1

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0276",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.11"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.10"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.1"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.2.3"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.9"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.2.0"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.8"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.4.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.2"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.13"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.4.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.2.x"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.12"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.4.1"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.2.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.13"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "92458"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-3193",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-3193",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-92012",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2016-3193",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-3193",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-297",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-92012",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. FortiManager and FortiAnalyzer are prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow  attacker-supplied HTML and script code to run in the context of the  affected browser, potentially allowing the attacker to steal  cookie-based authentication credentials or to control how the site is  rendered to the user. Other attacks are also possible. Both Fortinet FortiManager and FortiAnalyzer are products of Fortinet. Fortinet FortiManager is a centralized network security management solution. FortiAnalyzer is a centralized network security reporting solution. A cross-site scripting vulnerability exists in the web-application in Fortinet FortiManager and FortiAnalyzer. The following versions are affected: Fortinet FortiManager 5.x prior to 5.0.12, 5.2.x prior to 5.2.6, 5.4.x prior to 5.4.1; FortiAnalyzer 5.x prior to 5.0.13, 5.2. 5.2.x prior to 6, 5.4.x prior to 5.4.1",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "BID",
        "id": "92458"
      },
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-3193",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "92458",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1036550",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-92012",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "db": "BID",
        "id": "92458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "id": "VAR-201608-0276",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:05:44.998000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiManager and FortiAnalyzer Persistent XSS vulnerability",
        "trust": 0.8,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
      },
      {
        "title": "Fortinet FortiManager  and FortiAnalyzer Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63667"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/92458"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036550"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3193"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3193"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "db": "BID",
        "id": "92458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "db": "BID",
        "id": "92458"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92458"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "date": "2016-08-19T21:59:05.463000",
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "date": "2016-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-92012"
      },
      {
        "date": "2016-08-09T00:00:00",
        "db": "BID",
        "id": "92458"
      },
      {
        "date": "2016-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      },
      {
        "date": "2017-08-16T01:29:06.867000",
        "db": "NVD",
        "id": "CVE-2016-3193"
      },
      {
        "date": "2016-08-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager and  FortiAnalyzer Of appliance  Web Application cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004418"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-297"
      }
    ],
    "trust": 0.6
  }
}

var-201410-0763
Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0763",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.6"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "4.3"
      },
      {
        "model": "fortimanager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "3.0"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortimanager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      },
      {
        "model": "fortianalyzer",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "fortinet",
        "version": "5.0.7"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "70890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oded Vanunu and Adi Volkovitz of Check Point Security Research Team.",
    "sources": [
      {
        "db": "BID",
        "id": "70890"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2335",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2014-2335",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-70274",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2335",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201410-1439",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70274",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336. FortiManager and FortiAnalyzer are prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to FortiManager and FortiAnalyzer 5.0.7 are vulnerable. Fortinet FortiManager is a centralized network security management platform developed by Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains (ADOMs) to further simplify multi-device security deployment and management",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "BID",
        "id": "70890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2335",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "61309",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "70890",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-70274",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "db": "BID",
        "id": "70890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "id": "VAR-201410-0763",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:07:54.534000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI",
        "trust": 0.8,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-033/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fortiguard.com/advisory/fg-ir-14-033/"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/61309"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98478"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2335"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2335"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortianalyzer/"
      },
      {
        "trust": 0.3,
        "url": "http://www.fortinet.com/products/fortimanager/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "db": "BID",
        "id": "70890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "db": "BID",
        "id": "70890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-10-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "date": "2014-10-30T00:00:00",
        "db": "BID",
        "id": "70890"
      },
      {
        "date": "2014-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "date": "2014-10-31T14:55:02.860000",
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "date": "2014-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70274"
      },
      {
        "date": "2014-10-30T00:00:00",
        "db": "BID",
        "id": "70890"
      },
      {
        "date": "2014-11-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      },
      {
        "date": "2017-08-29T01:34:30.810000",
        "db": "NVD",
        "id": "CVE-2014-2335"
      },
      {
        "date": "2014-11-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiManager of  Web User Interface cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005169"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201410-1439"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0484
Vulnerability from variot

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications.

OpenSSL's handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05398322 Version: 1

HPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX running OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2017-02-21 Last Updated: 2017-02-21

Potential Security Impact: Remote: Denial of Service (DoS), Disclosure of Sensitive Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities with OpenSSL have been addressed for HPE Network products including Comware 5, Comware 7, IMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information.

References:

  • CVE-2015-1794 - Remote Denial of Service (DoS)
  • CVE-2015-3193 - Remote disclosure of sensitive information
  • CVE-2015-3194 - Remote Denial of Service (DoS)
  • CVE-2015-3195 - Remote disclosure of sensitive information
  • CVE-2015-3196 - Remote Denial of Service (DoS)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  • Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION below for a list of updated products.
  • HPE Intelligent Management Center (iMC) All versions - Please refer to the RESOLUTION below for a list of updated products.
  • VCX Products All versions - Please refer to the RESOLUTION below for a list of updated products.

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2015-1794
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3193
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2015-3194
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3195
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-2015-3196
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has made the following software updates to resolve the vulnerabilities in the Comware, IMC and VCX products running OpenSSL.

COMWARE 5 Products

  • A6600 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • HSR6602 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JC176A HP 6602 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 (Comware 5) - Version: R3303P28
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • MSR20 (Comware 5) - Version: R2516
    • HP Network Products
    • JD432A HP A-MSR20-21 Router
    • JD662A HP MSR20-20 Router
    • JD663A HP A-MSR20-21 Router
    • JD663B HP MSR20-21 Router
    • JD664A HP MSR20-40 Router
    • JF228A HP MSR20-40 Router
    • JF283A HP MSR20-20 Router
  • MSR20-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JD431A HP MSR20-10 Router
    • JD667A HP MSR20-15 IW Multi-Service Router
    • JD668A HP MSR20-13 Multi-Service Router
    • JD669A HP MSR20-13 W Multi-Service Router
    • JD670A HP MSR20-15 A Multi-Service Router
    • JD671A HP MSR20-15 AW Multi-Service Router
    • JD672A HP MSR20-15 I Multi-Service Router
    • JD673A HP MSR20-11 Multi-Service Router
    • JD674A HP MSR20-12 Multi-Service Router
    • JD675A HP MSR20-12 W Multi-Service Router
    • JD676A HP MSR20-12 T1 Multi-Service Router
    • JF236A HP MSR20-15-I Router
    • JF237A HP MSR20-15-A Router
    • JF238A HP MSR20-15-I-W Router
    • JF239A HP MSR20-11 Router
    • JF240A HP MSR20-13 Router
    • JF241A HP MSR20-12 Router
    • JF806A HP MSR20-12-T Router
    • JF807A HP MSR20-12-W Router
    • JF808A HP MSR20-13-W Router
    • JF809A HP MSR20-15-A-W Router
    • JF817A HP MSR20-15 Router
    • JG209A HP MSR20-12-T-W Router (NA)
    • JG210A HP MSR20-13-W Router (NA)
  • MSR 30 (Comware 5) - Version: R2516
    • HP Network Products
    • JD654A HP MSR30-60 POE Multi-Service Router
    • JD657A HP MSR30-40 Multi-Service Router
    • JD658A HP MSR30-60 Multi-Service Router
    • JD660A HP MSR30-20 POE Multi-Service Router
    • JD661A HP MSR30-40 POE Multi-Service Router
    • JD666A HP MSR30-20 Multi-Service Router
    • JF229A HP MSR30-40 Router
    • JF230A HP MSR30-60 Router
    • JF232A HP RTMSR3040-AC-OVSAS-H3
    • JF235A HP MSR30-20 DC Router
    • JF284A HP MSR30-20 Router
    • JF287A HP MSR30-40 DC Router
    • JF801A HP MSR30-60 DC Router
    • JF802A HP MSR30-20 PoE Router
    • JF803A HP MSR30-40 PoE Router
    • JF804A HP MSR30-60 PoE Router
    • JG728A HP MSR30-20 TAA-compliant DC Router
    • JG729A HP MSR30-20 TAA-compliant Router
  • MSR 30-16 (Comware 5) - Version: R2516
    • HP Network Products
    • JD659A HP MSR30-16 POE Multi-Service Router
    • JD665A HP MSR30-16 Multi-Service Router
    • JF233A HP MSR30-16 Router
    • JF234A HP MSR30-16 PoE Router
  • MSR 30-1X (Comware 5) - Version: R2516
    • HP Network Products
    • JF800A HP MSR30-11 Router
    • JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
    • JG182A HP MSR30-11E Router
    • JG183A HP MSR30-11F Router
    • JG184A HP MSR30-10 DC Router
  • MSR 50 (Comware 5) - Version: R2516
    • HP Network Products
    • JD433A HP MSR50-40 Router
    • JD653A HP MSR50 Processor Module
    • JD655A HP MSR50-40 Multi-Service Router
    • JD656A HP MSR50-60 Multi-Service Router
    • JF231A HP MSR50-60 Router
    • JF285A HP MSR50-40 DC Router
    • JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  • MSR 50-G2 (Comware 5) - Version: R2516
    • HP Network Products
    • JD429A HP MSR50 G2 Processor Module
    • JD429B HP MSR50 G2 Processor Module
  • MSR 9XX (Comware 5) - Version: R2516
    • HP Network Products
    • JF812A HP MSR900 Router
    • JF813A HP MSR920 Router
    • JF814A HP MSR900-W Router
    • JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
    • JG207A HP MSR900-W Router (NA)
    • JG208A HP MSR920-W Router (NA)
  • MSR 93X (Comware 5) - Version: R2516
    • HP Network Products
    • JG511A HP MSR930 Router
    • JG511B HP MSR930 Router
    • JG512A HP MSR930 Wireless Router
    • JG513A HP MSR930 3G Router
    • JG513B HP MSR930 3G Router
    • JG514A HP MSR931 Router
    • JG514B HP MSR931 Router
    • JG515A HP MSR931 3G Router
    • JG516A HP MSR933 Router
    • JG517A HP MSR933 3G Router
    • JG518A HP MSR935 Router
    • JG518B HP MSR935 Router
    • JG519A HP MSR935 Wireless Router
    • JG520A HP MSR935 3G Router
    • JG531A HP MSR931 Dual 3G Router
    • JG531B HP MSR931 Dual 3G Router
    • JG596A HP MSR930 4G LTE/3G CDMA Router
    • JG597A HP MSR936 Wireless Router
    • JG665A HP MSR930 4G LTE/3G WCDMA Global Router
    • JG704A HP MSR930 4G LTE/3G WCDMA ATT Router
    • JH009A HP MSR931 Serial (TI) Router
    • JH010A HP MSR933 G.SHDSL (TI) Router
    • JH011A HP MSR935 ADSL2+ (TI) Router
    • JH012A HP MSR930 Wireless 802.11n (NA) Router
    • JH012B HP MSR930 Wireless 802.11n (NA) Router
    • JH013A HP MSR935 Wireless 802.11n (NA) Router
  • MSR1000 (Comware 5) - Version: See Mitigation
    • HP Network Products
    • JG732A HP MSR1003-8 AC Router
  • 12500 (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JC808A HP 12500 TAA Main Processing Unit
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
  • 9500E (Comware 5) - Version: R1829P02
    • HP Network Products
    • JC124A HP A9508 Switch Chassis
    • JC124B HP 9505 Switch Chassis
    • JC125A HP A9512 Switch Chassis
    • JC125B HP 9512 Switch Chassis
    • JC474A HP A9508-V Switch Chassis
    • JC474B HP 9508-V Switch Chassis
  • 10500 (Comware 5) - Version: R1210P02
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC614A HP 10500 Main Processing Unit
    • JC748A HP 10512 Switch Chassis
    • JG375A HP 10500 TAA-compliant Main Processing Unit
    • JG820A HP 10504 TAA-compliant Switch Chassis
    • JG821A HP 10508 TAA-compliant Switch Chassis
    • JG822A HP 10508-V TAA-compliant Switch Chassis
    • JG823A HP 10512 TAA-compliant Switch Chassis
  • 7500 (Comware 5) - Version: R6710P02
    • HP Network Products
    • JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port Gig-T/4-port GbE Combo
    • JC697A HP 7502 TAA-compliant Main Processing Unit
    • JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8 GbE Combo Ports
    • JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP Ports
    • JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
    • JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
    • JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
    • JD194A HP 7500 384Gbps Fabric Module
    • JD194B HP 7500 384Gbps Fabric Module
    • JD195A HP 7500 384Gbps Advanced Fabric Module
    • JD196A HP 7502 Fabric Module
    • JD220A HP 7500 768Gbps Fabric Module
    • JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
    • JD238A HP 7510 Switch Chassis
    • JD238B HP 7510 Switch Chassis
    • JD239A HP 7506 Switch Chassis
    • JD239B HP 7506 Switch Chassis
    • JD240A HP 7503 Switch Chassis
    • JD240B HP 7503 Switch Chassis
    • JD241A HP 7506-V Switch Chassis
    • JD241B HP 7506-V Switch Chassis
    • JD242A HP 7502 Switch Chassis
    • JD242B HP 7502 Switch Chassis
    • JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
    • JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
    • JE164A HP E7902 Switch Chassis
    • JE165A HP E7903 Switch Chassis
    • JE166A HP E7903 1 Fabric Slot Switch Chassis
    • JE167A HP E7906 Switch Chassis
    • JE168A HP E7906 Vertical Switch Chassis
    • JE169A HP E7910 Switch Chassis
  • 6125G/XG Blade Switch - Version: R2112P05
    • HP Network Products
    • 737220-B21 HP 6125G Blade Switch with TAA
    • 737226-B21 HP 6125G/XG Blade Switch with TAA
    • 658250-B21 HP 6125G/XG Blade Switch Opt Kit
    • 658247-B21 HP 6125G Blade Switch Opt Kit
  • 5830 (Comware 5) - Version: R1118P13
    • HP Network Products
    • JC691A HP 5830AF-48G Switch with 1 Interface Slot
    • JC694A HP 5830AF-96G Switch
    • JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
    • JG374A HP 5830AF-96G TAA-compliant Switch
  • 5800 (Comware 5) - Version: R1810P03
    • HP Network Products
    • JC099A HP 5800-24G-PoE Switch
    • JC099B HP 5800-24G-PoE+ Switch
    • JC100A HP 5800-24G Switch
    • JC100B HP 5800-24G Switch
    • JC101A HP 5800-48G Switch with 2 Slots
    • JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
    • JC103A HP 5800-24G-SFP Switch
    • JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
    • JC104A HP 5800-48G-PoE Switch
    • JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
    • JC105A HP 5800-48G Switch
    • JC105B HP 5800-48G Switch with 1 Interface Slot
    • JG254A HP 5800-24G-PoE+ TAA-compliant Switch
    • JG254B HP 5800-24G-PoE+ TAA-compliant Switch
    • JG255A HP 5800-24G TAA-compliant Switch
    • JG255B HP 5800-24G TAA-compliant Switch
    • JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
    • JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
    • JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
    • JG225A HP 5800AF-48G Switch
    • JG225B HP 5800AF-48G Switch
    • JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
    • JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
    • JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
    • JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots & 1 OAA Slot
    • JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots and 1 OAA Slot
    • JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
    • JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
    • JG219A HP 5820AF-24XG Switch
    • JG219B HP 5820AF-24XG Switch
    • JC102A HP 5820-24XG-SFP+ Switch
    • JC102B HP 5820-24XG-SFP+ Switch
  • 5500 HI (Comware 5) - Version: R5501P21
    • HP Network Products
    • JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
    • JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
    • JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
    • JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
    • JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface Slots
    • JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  • 5500 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD373A HP 5500-24G DC EI Switch
    • JD374A HP 5500-24G-SFP EI Switch
    • JD375A HP 5500-48G EI Switch
    • JD376A HP 5500-48G-PoE EI Switch
    • JD377A HP 5500-24G EI Switch
    • JD378A HP 5500-24G-PoE EI Switch
    • JD379A HP 5500-24G-SFP DC EI Switch
    • JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
    • JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
    • JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
    • JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
    • JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface Slots
  • 4800G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD007A HP 4800-24G Switch
    • JD008A HP 4800-24G-PoE Switch
    • JD009A HP 4800-24G-SFP Switch
    • JD010A HP 4800-48G Switch
    • JD011A HP 4800-48G-PoE Switch
  • 5500SI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JD369A HP 5500-24G SI Switch
    • JD370A HP 5500-48G SI Switch
    • JD371A HP 5500-24G-PoE SI Switch
    • JD372A HP 5500-48G-PoE SI Switch
    • JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
    • JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  • 4500G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF428A HP 4510-48G Switch
    • JF847A HP 4510-24G Switch
  • 5120 EI (Comware 5) - Version: R2221P22
    • HP Network Products
    • JE066A HP 5120-24G EI Switch
    • JE067A HP 5120-48G EI Switch
    • JE068A HP 5120-24G EI Switch with 2 Interface Slots
    • JE069A HP 5120-48G EI Switch with 2 Interface Slots
    • JE070A HP 5120-24G-PoE EI 2-slot Switch
    • JE071A HP 5120-48G-PoE EI 2-slot Switch
    • JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
    • JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
    • JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
    • JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
    • JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
    • JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  • 4210G (Comware 5) - Version: R2221P22
    • HP Network Products
    • JF844A HP 4210-24G Switch
    • JF845A HP 4210-48G Switch
    • JF846A HP 4210-24G-PoE Switch
  • 5120 SI (Comware 5) - Version: R1517
    • HP Network Products
    • JE072A HP 5120-48G SI Switch
    • JE072B HPE 5120 48G SI Switch
    • JE073A HP 5120-16G SI Switch
    • JE073B HPE 5120 16G SI Switch
    • JE074A HP 5120-24G SI Switch
    • JE074B HPE 5120 24G SI Switch
    • JG091A HP 5120-24G-PoE+ (370W) SI Switch
    • JG091B HPE 5120 24G PoE+ (370W) SI Switch
    • JG092A HP 5120-24G-PoE+ (170W) SI Switch
    • JG309B HPE 5120 8G PoE+ (180W) SI Switch
    • JG310B HPE 5120 8G PoE+ (65W) SI Switch
  • 3610 (Comware 5) - Version: R5319P15
    • HP Network Products
    • JD335A HP 3610-48 Switch
    • JD336A HP 3610-24-4G-SFP Switch
    • JD337A HP 3610-24-2G-2G-SFP Switch
    • JD338A HP 3610-24-SFP Switch
  • 3600V2 (Comware 5) - Version: R2111P01
    • HP Network Products
    • JG299A HP 3600-24 v2 EI Switch
    • JG299B HP 3600-24 v2 EI Switch
    • JG300A HP 3600-48 v2 EI Switch
    • JG300B HP 3600-48 v2 EI Switch
    • JG301A HP 3600-24-PoE+ v2 EI Switch
    • JG301B HP 3600-24-PoE+ v2 EI Switch
    • JG301C HP 3600-24-PoE+ v2 EI Switch
    • JG302A HP 3600-48-PoE+ v2 EI Switch
    • JG302B HP 3600-48-PoE+ v2 EI Switch
    • JG302C HP 3600-48-PoE+ v2 EI Switch
    • JG303A HP 3600-24-SFP v2 EI Switch
    • JG303B HP 3600-24-SFP v2 EI Switch
    • JG304A HP 3600-24 v2 SI Switch
    • JG304B HP 3600-24 v2 SI Switch
    • JG305A HP 3600-48 v2 SI Switch
    • JG305B HP 3600-48 v2 SI Switch
    • JG306A HP 3600-24-PoE+ v2 SI Switch
    • JG306B HP 3600-24-PoE+ v2 SI Switch
    • JG306C HP 3600-24-PoE+ v2 SI Switch
    • JG307A HP 3600-48-PoE+ v2 SI Switch
    • JG307B HP 3600-48-PoE+ v2 SI Switch
    • JG307C HP 3600-48-PoE+ v2 SI Switch
  • 3100V2 (Comware 5) - Version: R5213P01
    • HP Network Products
    • JD313B HPE 3100 24 PoE v2 EI Switch
    • JD318B HPE 3100 8 v2 EI Switch
    • JD319B HPE 3100 16 v2 EI Switch
    • JD320B HPE 3100 24 v2 EI Switch
    • JG221A HPE 3100 8 v2 SI Switch
    • JG222A HPE 3100 16 v2 SI Switch
    • JG223A HPE 3100 24 v2 SI Switch
  • HP870 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG723A HP 870 Unified Wired-WLAN Appliance
    • JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  • HP850 (Comware 5) - Version: R2607P51
    • HP Network Products
    • JG722A HP 850 Unified Wired-WLAN Appliance
    • JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  • HP830 (Comware 5) - Version: R3507P51
    • HP Network Products
    • JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
    • JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
    • JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
    • JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  • HP6000 (Comware 5) - Version: R2507P44
    • HP Network Products
    • JG639A HP 10500/7500 20G Unified Wired-WLAN Module
    • JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  • WX5004-EI (Comware 5) - Version: R2507P44
    • HP Network Products
    • JD447B HP WX5002 Access Controller
    • JD448A HP WX5004 Access Controller
    • JD448B HP WX5004 Access Controller
    • JD469A HP WX5004 Access Controller
  • SecBlade FW (Comware 5) - Version: R3181P07
    • HP Network Products
    • JC635A HP 12500 VPN Firewall Module
    • JD245A HP 9500 VPN Firewall Module
    • JD249A HP 10500/7500 Advanced VPN Firewall Module
    • JD250A HP 6600 Firewall Processing Router Module
    • JD251A HP 8800 Firewall Processing Module
    • JD255A HP 5820 VPN Firewall Module
  • F1000-E (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JD272A HP F1000-E VPN Firewall Appliance
  • F1000-A-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG214A HP F1000-A-EI VPN Firewall Appliance
  • F1000-S-EI (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG213A HP F1000-S-EI VPN Firewall Appliance
  • F5000-A (Comware 5) - Version: F3210P26
    • HP Network Products
    • JD259A HP A5000-A5 VPN Firewall Chassis
    • JG215A HP F5000 Firewall Main Processing Unit
    • JG216A HP F5000 Firewall Standalone Chassis
  • U200S and CS (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD273A HP U200-S UTM Appliance
  • U200A and M (Comware 5) - Version: F5123P33
    • HP Network Products
    • JD275A HP U200-A UTM Appliance
  • F5000-C/S (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG650A HP F5000-C VPN Firewall Appliance
    • JG370A HP F5000-S VPN Firewall Appliance
  • SecBlade III (Comware 5) - Version: TBD still fixing
    • HP Network Products
    • JG371A HP 12500 20Gbps VPN Firewall Module
    • JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  • 6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JC566A HP 6600 RSE-X1 Router Main Processing Unit
    • JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  • 6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC165A HP 6600 RPE-X1 Router Module
    • JC177A HP 6608 Router
    • JC177B HPE FlexNetwork 6608 Router Chassis
    • JC178A HPE FlexNetwork 6604 Router Chassis
    • JC178B HPE FlexNetwork 6604 Router Chassis
    • JC496A HPE FlexNetwork 6616 Router Chassis
    • JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  • 6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC176A HP 6602 Router Chassis
  • HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JC177A HP 6608 Router
    • JC177B HP 6608 Router Chassis
    • JC178A HP 6604 Router Chassis
    • JC178B HP 6604 Router Chassis
    • JC496A HP 6616 Router Chassis
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG355A HP 6600 MCP-X1 Router Main Processing Unit
    • JG356A HP 6600 MCP-X2 Router Main Processing Unit
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
    • JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  • HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  • SMB1910 (Comware 5) - Version: R1113
    • HP Network Products
    • JG540A HP 1910-48 Switch
    • JG539A HP 1910-24-PoE+ Switch
    • JG538A HP 1910-24 Switch
    • JG537A HP 1910-8 -PoE+ Switch
    • JG536A HP 1910-8 Switch
  • SMB1920 (Comware 5) - Version: R1112
    • HP Network Products
    • JG928A HP 1920-48G-PoE+ (370W) Switch
    • JG927A HP 1920-48G Switch
    • JG926A HP 1920-24G-PoE+ (370W) Switch
    • JG925A HP 1920-24G-PoE+ (180W) Switch
    • JG924A HP 1920-24G Switch
    • JG923A HP 1920-16G Switch
    • JG922A HP 1920-8G-PoE+ (180W) Switch
    • JG921A HP 1920-8G-PoE+ (65W) Switch
    • JG920A HP 1920-8G Switch
  • V1910 (Comware 5) - Version: R1517P01
    • HP Network Products
    • JE005A HP 1910-16G Switch
    • JE006A HP 1910-24G Switch
    • JE007A HP 1910-24G-PoE (365W) Switch
    • JE008A HP 1910-24G-PoE(170W) Switch
    • JE009A HP 1910-48G Switch
    • JG348A HP 1910-8G Switch
    • JG349A HP 1910-8G-PoE+ (65W) Switch
    • JG350A HP 1910-8G-PoE+ (180W) Switch
  • SMB 1620 (Comware 5) - Version: R1110
    • HP Network Products
    • JG914A HP 1620-48G Switch
    • JG913A HP 1620-24G Switch
    • JG912A HP 1620-8G Switch
  • NJ5000 - Version: R1107
    • HP Network Products
    • JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack

COMWARE 7 Products

  • 12500 (Comware 7) - Version: R7377
    • HP Network Products
    • JC072B HP 12500 Main Processing Unit
    • JC085A HP A12518 Switch Chassis
    • JC086A HP A12508 Switch Chassis
    • JC652A HP 12508 DC Switch Chassis
    • JC653A HP 12518 DC Switch Chassis
    • JC654A HP 12504 AC Switch Chassis
    • JC655A HP 12504 DC Switch Chassis
    • JF430A HP A12518 Switch Chassis
    • JF430B HP 12518 Switch Chassis
    • JF430C HP 12518 AC Switch Chassis
    • JF431A HP A12508 Switch Chassis
    • JF431B HP 12508 Switch Chassis
    • JF431C HP 12508 AC Switch Chassis
    • JG497A HP 12500 MPU w/Comware V7 OS
    • JG782A HP FF 12508E AC Switch Chassis
    • JG783A HP FF 12508E DC Switch Chassis
    • JG784A HP FF 12518E AC Switch Chassis
    • JG785A HP FF 12518E DC Switch Chassis
    • JG802A HP FF 12500E MPU
  • 10500 (Comware 7) - Version: R7180
    • HP Network Products
    • JC611A HP 10508-V Switch Chassis
    • JC612A HP 10508 Switch Chassis
    • JC613A HP 10504 Switch Chassis
    • JC748A HP 10512 Switch Chassis
    • JG608A HP FlexFabric 11908-V Switch Chassis
    • JG609A HP FlexFabric 11900 Main Processing Unit
    • JG820A HP 10504 TAA Switch Chassis
    • JG821A HP 10508 TAA Switch Chassis
    • JG822A HP 10508-V TAA Switch Chassis
    • JG823A HP 10512 TAA Switch Chassis
    • JG496A HP 10500 Type A MPU w/Comware v7 OS
    • JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating System
    • JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System Main Processing Unit
  • 12900 (Comware 7) - Version: R1150
    • HP Network Products
    • JG619A HP FlexFabric 12910 Switch AC Chassis
    • JG621A HP FlexFabric 12910 Main Processing Unit
    • JG632A HP FlexFabric 12916 Switch AC Chassis
    • JG634A HP FlexFabric 12916 Main Processing Unit
    • JH104A HP FlexFabric 12900E Main Processing Unit
    • JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
    • JH263A HP FlexFabric 12904E Main Processing Unit
    • JH255A HP FlexFabric 12908E Switch Chassis
    • JH262A HP FlexFabric 12904E Switch Chassis
    • JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
    • JH103A HP FlexFabric 12916E Switch Chassis
  • 5900 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JC772A HP 5900AF-48XG-4QSFP+ Switch
    • JG296A HP 5920AF-24XG Switch
    • JG336A HP 5900AF-48XGT-4QSFP+ Switch
    • JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
    • JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
    • JG555A HP 5920AF-24XG TAA Switch
    • JG838A HP FF 5900CP-48XG-4QSFP+ Switch
    • JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
    • JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
    • JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  • MSR1000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG875A HP MSR1002-4 AC Router
    • JH060A HP MSR1003-8S AC Router
  • MSR2000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG411A HP MSR2003 AC Router
    • JG734A HP MSR2004-24 AC Router
    • JG735A HP MSR2004-48 Router
    • JG866A HP MSR2003 TAA-compliant AC Router
  • MSR3000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG404A HP MSR3064 Router
    • JG405A HP MSR3044 Router
    • JG406A HP MSR3024 AC Router
    • JG407A HP MSR3024 DC Router
    • JG408A HP MSR3024 PoE Router
    • JG409A HP MSR3012 AC Router
    • JG410A HP MSR3012 DC Router
    • JG861A HP MSR3024 TAA-compliant AC Router
  • MSR4000 (Comware 7) - Version: R0306P12
    • HP Network Products
    • JG402A HP MSR4080 Router Chassis
    • JG403A HP MSR4060 Router Chassis
    • JG412A HP MSR4000 MPU-100 Main Processing Unit
    • JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  • VSR (Comware 7) - Version: E0322P01
    • HP Network Products
    • JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
    • JG811AAE HP VSR1001 Comware 7 Virtual Services Router
    • JG812AAE HP VSR1004 Comware 7 Virtual Services Router
    • JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  • 7900 (Comware 7) - Version: R2150
    • HP Network Products
    • JG682A HP FlexFabric 7904 Switch Chassis
    • JG841A HP FlexFabric 7910 Switch Chassis
    • JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
    • JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
    • JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
    • JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
    • JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
    • JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  • 5130 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG932A HP 5130-24G-4SFP+ EI Switch
    • JG933A HP 5130-24G-SFP-4SFP+ EI Switch
    • JG934A HP 5130-48G-4SFP+ EI Switch
    • JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
    • JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
    • JG938A HP 5130-24G-2SFP+-2XGT EI Switch
    • JG939A HP 5130-48G-2SFP+-2XGT EI Switch
    • JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
    • JG975A HP 5130-24G-4SFP+ EI Brazil Switch
    • JG976A HP 5130-48G-4SFP+ EI Brazil Switch
    • JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
    • JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  • 6125XLG - Version: R2432P01
    • HP Network Products
    • 711307-B21 HP 6125XLG Blade Switch
    • 737230-B21 HP 6125XLG Blade Switch with TAA
  • 6127XLG - Version: R2432P01
    • HP Network Products
    • 787635-B21 HP 6127XLG Blade Switch Opt Kit
    • 787635-B22 HP 6127XLG Blade Switch with TAA
  • Moonshot - Version: R2432P01
    • HP Network Products
    • 786617-B21 - HP Moonshot-45Gc Switch Module
    • 704654-B21 - HP Moonshot-45XGc Switch Module
    • 786619-B21 - HP Moonshot-180XGc Switch Module
  • 5700 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
    • JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
    • JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
    • JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
    • JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
    • JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  • 5930 (Comware 7) - Version: R2432P01
    • HP Network Products
    • JG726A HP FlexFabric 5930 32QSFP+ Switch
    • JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
    • JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
    • JH179A HP FlexFabric 5930 4-slot Switch
    • JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
    • JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  • HSR6600 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG353A HP HSR6602-G Router
    • JG354A HP HSR6602-XG Router
    • JG776A HP HSR6602-G TAA-compliant Router
    • JG777A HP HSR6602-XG TAA-compliant Router
  • HSR6800 (Comware 7) - Version: R7103P09
    • HP Network Products
    • JG361A HP HSR6802 Router Chassis
    • JG361B HP HSR6802 Router Chassis
    • JG362A HP HSR6804 Router Chassis
    • JG362B HP HSR6804 Router Chassis
    • JG363A HP HSR6808 Router Chassis
    • JG363B HP HSR6808 Router Chassis
    • JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
    • JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
    • JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  • 1950 (Comware 7) - Version: R3113P02
    • HP Network Products
    • JG960A HP 1950-24G-4XG Switch
    • JG961A HP 1950-48G-2SFP+-2XGT Switch
    • JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
    • JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  • 7500 (Comware 7) - Version: R7180
    • HP Network Products
    • JD238C HP 7510 Switch Chassis
    • JD239C HP 7506 Switch Chassis
    • JD240C HP 7503 Switch Chassis
    • JD242C HP 7502 Switch Chassis
    • JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
    • JH208A HP 7502 Main Processing Unit
    • JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  • 5510HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch
    • JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch
    • JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch
    • JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch
    • JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch
  • 5130HI (Comware 7) - Version: R1120
    • HP Network Products
    • JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch
    • JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch
    • JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch
    • JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch

iMC Products

  • IMC PLAT - Version: 7.2 E0403P04
    • HP Network Products
    • JD125A HP IMC Std S/W Platform w/100-node
    • JD126A HP IMC Ent S/W Platform w/100-node
    • JD808A HP IMC Ent Platform w/100-node License
    • JD814A HP A-IMC Enterprise Edition Software DVD Media
    • JD815A HP IMC Std Platform w/100-node License
    • JD816A HP A-IMC Standard Edition Software DVD Media
    • JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
    • JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
    • JF377A HP IMC Std S/W Platform w/100-node Lic
    • JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
    • JF378A HP IMC Ent S/W Platform w/200-node Lic
    • JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
    • JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
    • JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
    • JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
    • JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
    • JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
    • JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU
  • IMC iNode - Version: 7.2 E0407
    • HP Network Products
    • JD144A HP A-IMC User Access Management Software Module with 200-user License
    • JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JD435A HP A-IMC Endpoint Admission Defense Client Software
    • JF388A HP IMC User Authentication Management Software Module with 200-user License
    • JF388AAE HP IMC User Authentication Management Software Module with 200-user E-LTU
    • JF391A HP IMC Endpoint Admission Defense Software Module with 200-user License
    • JF391AAE HP IMC Endpoint Admission Defense Software Module with 200-user E-LTU
    • JG752AAE HP IMC User Access Manager Software Module with 50-user E-LTU
    • JG754AAE) HP IMC Endpoint Admission Defense Software Module with 50-user E-LTU
  • iMC UAM_TAM - Version: 7.1 E0406
    • HP Network Products
    • JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE
    • JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU
    • JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU
    • JG483A HP IMC TAM S/W MODULE W/100-NODE LIC
    • JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU
    • JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU
  • IMC WSM - Version: 7.2 E0502P04
    • HP Network Products
    • JD456A HP IMC WSM Software Module with 50-Access Point License
    • JF414A HP IMC Wireless Service Manager Software Module with 50-Access Point License
    • JF414AAE HP IMC Wireless Service Manager Software Module with 50-Access Point E-LTU
    • JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager Module Upgrade with 250 Access Point E-LTU
    • JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU
    • JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg with 250-node E-LTU

VCX Products

  • VCX - Version: 9.8.19
    • HP Network Products
    • J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr
    • J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr
    • JC517A HP VCX V7205 Platform w/DL 360 G6 Server
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JC516A HP VCX V7005 Platform w/DL 120 G6 Server
    • JC518A HP VCX Connect 200 Primry 120 G6 Server
    • J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr
    • JE341A HP VCX Connect 100 Secondary
    • JE252A HP VCX Connect Primary MIM Module
    • JE253A HP VCX Connect Secondary MIM Module
    • JE254A HP VCX Branch MIM Module
    • JE355A HP VCX V6000 Branch Platform 9.0
    • JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod
    • JD023A HP MSR30-40 Router with VCX MIM Module
    • JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM
    • JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod
    • JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod
    • JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod
    • JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS
    • JE340A HP VCX Connect 100 Pri Server 9.0
    • JE342A HP VCX Connect 100 Sec Server 9.0

Note: Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY Version:1 (rev.1) - 21 February 2017 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

References:

CVE-2007-6750 CVE-2011-4969 CVE-2014-3508 CVE-2014-3509 CVE-2014-3511 CVE-2014-3513 CVE-2014-3569 CVE-2014-3568 CVE-2014-3567 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1791 CVE-2015-1792 CVE-2015-0205 CVE-2015-3194 CVE-2015-3195 CVE-2015-3237 CVE-2015-6565 CVE-2015-7501 CVE-2015-7547 CVE-2015-7995 CVE-2015-8035 CVE-2016-0705 CVE-2016-0728 CVE-2016-0799 CVE-2016-2015 CVE-2016-2017 CVE-2016-2018 CVE-2016-2019 CVE-2016-2020 CVE-2016-2021 CVE-2016-2022 CVE-2016-2024 CVE-2016-2030 CVE-2016-2842 PSRT110092 PSRT110093 PSRT110094 PSRT110095 PSRT110096 PSRT110138

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7 Advisory ID: RHSA-2016:2054-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2054.html Issue date: 2016-10-12 CVE Names: CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 =====================================================================

  1. Summary:

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64

  1. Description:

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.

This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

  • A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

  • Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

  • A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. (CVE-2015-3195)

  • A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

  • An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

  • It was discovered that it is possible to remotely Segfault Apache http server with a specially crafted string sent to the mod_cluster via service messages (MCMP). (CVE-2016-3110)

  • A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

  • It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno BAPck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

  1. Solution:

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks 1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser 1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak 1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server 1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data 1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder 1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow 1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow 1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute 1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1 1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1 1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34

  1. Package List:

Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:

Source: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm httpd22-2.2.26-56.ep6.el7.src.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm mod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm

noarch: jbcs-httpd24-1-3.jbcs.el7.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm

ppc64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm httpd22-2.2.26-56.ep6.el7.ppc64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm httpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm httpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm httpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm mod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm mod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm

x86_64: hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm hornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm httpd22-2.2.26-56.ep6.el7.x86_64.rpm httpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm httpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm httpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm httpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm jbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm jbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm jbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm mod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm mod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm mod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm tomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm tomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2015-3183 https://access.redhat.com/security/cve/CVE-2015-3195 https://access.redhat.com/security/cve/CVE-2015-4000 https://access.redhat.com/security/cve/CVE-2016-2105 https://access.redhat.com/security/cve/CVE-2016-2106 https://access.redhat.com/security/cve/CVE-2016-2108 https://access.redhat.com/security/cve/CVE-2016-2109 https://access.redhat.com/security/cve/CVE-2016-3110 https://access.redhat.com/security/cve/CVE-2016-4459 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/2688611 https://access.redhat.com/solutions/222023 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=6.4

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0 n7n6E5uqbAY0W1AG5Z+9yy8= =6ET2 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002

OS X El Capitan 10.11.4 and Security Update 2016-002 is now available and addresses the following:

apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team

AppleRAID Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team

AppleUSBNetworking Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of data from USB devices. This issue was addressed through improved input validation. CVE-ID CVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path

Bluetooth Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1735 : Jeonghoon Shin@A.D.D CVE-2016-1736 : beist and ABH of BoB

Carbon Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .dfont file may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking. CVE-ID CVE-2016-1737 : an anonymous researcher

dyld Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker may tamper with code-signed applications to execute arbitrary code in the application's context Description: A code signing verification issue existed in dyld. This issue was addressed with improved validation. CVE-ID CVE-2016-1738 : beist and ABH of BoB

FontParser Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI)

HTTPProtocol Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659

Intel Graphics Driver Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1743 : Piotr Bania of Cisco Talos CVE-2016-1744 : Ian Beer of Google Project Zero

IOFireWireFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to cause a denial of service Description: A null pointer dereference was addressed through improved validation. CVE-ID CVE-2016-1745 : sweetchip of Grayhash

IOGraphics Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed through improved input validation. CVE-ID CVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

IOHIDFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad

IOUSBFamily Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition existed during the creation of new processes. This was addressed through improved state handling. CVE-ID CVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference was addressed through improved input validation. CVE-ID CVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team

Kernel Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero CVE-2016-1759 : lokihardt

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed through improved input validation. CVE-ID CVE-2016-1758 : Brandon Azad

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI)

Kernel Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1761 : wol0xff working with Trend Micro's Zero Day Initiative (ZDI) CVE-2016-1762

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker who is able to bypass Apple's certificate pinning, intercept TLS connections, inject messages, and record encrypted attachment-type messages may be able to read attachments Description: A cryptographic issue was addressed by rejecting duplicate messages on the client. CVE-ID CVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk, Ian Miers, and Michael Rushanan of Johns Hopkins University

Messages Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a JavaScript link can reveal sensitive user information Description: An issue existed in the processing of JavaScript links. This issue was addressed through improved content security policy checks. CVE-ID CVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of Bishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox

NVIDIA Graphics Drivers Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1741 : Ian Beer of Google Project Zero

OpenSSH Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Connecting to a server may leak sensitive user information, such as a client's private keys Description: Roaming, which was on by default in the OpenSSH client, exposed an information leak and a buffer overflow. These issues were addressed by disabling roaming in the client. CVE-ID CVE-2016-0777 : Qualys CVE-2016-0778 : Qualys

OpenSSH Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 : Qualys CVE-2015-5334 : Qualys

OpenSSL Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A remote attacker may be able to cause a denial of service Description: A memory leak existed in OpenSSL versions prior to 0.9.8zh. This issue was addressed by updating OpenSSL to version 0.9.8zh. CVE-ID CVE-2015-3195

Python Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by updating libpng to version 1.6.20. CVE-ID CVE-2014-9495 CVE-2015-0973 CVE-2015-8126 : Adam Mariš CVE-2015-8472 : Adam Mariš

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted FlashPix Bitmap Image may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1767 : Francis Provencher from COSIG CVE-2016-1768 : Francis Provencher from COSIG

QuickTime Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted Photoshop document may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1769 : Francis Provencher from COSIG

Reminders Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Clicking a tel link can make a call without prompting the user Description: A user was not prompted before invoking a call. This was addressed through improved entitlement checks. CVE-ID CVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of Laurent.ca

Ruby Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: An unsafe tainted string usage vulnerability existed in versions prior to 2.0.0-p648. This issue was addressed by updating to version 2.0.0-p648. CVE-ID CVE-2015-7551

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: A local user may be able to check for the existence of arbitrary files Description: A permissions issue existed in code signing tools. This was addressed though additional ownership checks. CVE-ID CVE-2016-1773 : Mark Mentovai of Google Inc.

Security Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab

Tcl Available for:
OS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted .png file may lead to arbitrary code execution Description: Multiple vulnerabilities existed in libpng versions prior to 1.6.20. These were addressed by removing libpng. CVE-ID CVE-2015-8126 : Adam Mariš

TrueTypeScaler Available for: OS X El Capitan v10.11 to v10.11.3 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI)

Wi-Fi Available for: OS X El Capitan v10.11 to v10.11.3 Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher

OS X El Capitan 10.11.4 includes the security content of Safari 9.1. https://support.apple.com/kb/HT206171

OS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6 ARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w HiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l Jy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau /71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi UhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng O+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78 juPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF i9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP Izo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X qlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q VZmOKa8qMxB1L/JmdCqy =mZR+ -----END PGP SIGNATURE----- .

The References section of this erratum contains a download link (you must log in to download the update). (CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2177, CVE-2016-2178, CVE-2016-2842)

  • This update fixes several flaws in libxml2. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)

  • This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420, CVE-2016-7141)

  • This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)

  • This update fixes two flaws in mod_cluster. (CVE-2016-4459, CVE-2016-8612)

  • A buffer overflow flaw when concatenating virtual host names and URIs was fixed in mod_jk. (CVE-2016-6808)

  • A memory leak flaw was fixed in expat.

After installing the updated packages, the httpd daemon will be restarted automatically. JIRA issues fixed (https://issues.jboss.org/):

JBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0] JBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service

  1. 5 client) - i386, x86_64

  2. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2015-3194

Loic Jonas Etienne of Qnective AG discovered that the signature
verification routines will crash with a NULL pointer dereference if
presented with an ASN.1 signature using the RSA PSS algorithm and
absent mask generation function parameter. A remote attacker can
exploit this flaw to crash any certificate verification operation
and mount a denial of service attack.

CVE-2015-3196

A race condition flaw in the handling of PSK identify hints was
discovered, potentially leading to a double free of the identify
hint data.

For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u18.

For the stable distribution (jessie), these problems have been fixed in version 1.0.1k-3+deb8u2.

For the unstable distribution (sid), these problems have been fixed in version 1.0.2e-1 or earlier

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0484",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.2"
      },
      {
        "model": "transportation management",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "6.1"
      },
      {
        "model": "sun ray software",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "1.0"
      },
      {
        "model": "exalogic infrastructure",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.0"
      },
      {
        "model": "life sciences data hub",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "2.1"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.4.0"
      },
      {
        "model": "api gateway",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "11.1.2.3.0"
      },
      {
        "model": "1.0.1",
        "scope": null,
        "trust": 1.2,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.04"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "15.10"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "vm server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.1"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "22"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "11.4"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "14.04"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.2"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.11.4"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "12.04"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.14"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "13.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "0.9.8zh"
      },
      {
        "model": "vm virtualbox",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "5.0.0"
      },
      {
        "model": "integrated lights out manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "7.0"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "integrated lights out manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.0.4"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.1"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "11.3"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "communications webrtc session controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "7.1"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "vm virtualbox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "4.3.36"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.7"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "openssl",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.53"
      },
      {
        "model": "hpe systems insight manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun blade 6000 ethernet switched nem 24p 10ge",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.55"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.11 to  10.11.3"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.7.10 and earlier"
      },
      {
        "model": "hpe server migration pack",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "communications applications",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "of  oracle enterprise session border controller ecz7.3m1p4 and earlier"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.6.28 and earlier"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "none"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.1q"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.54"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "4.4.1.5.0"
      },
      {
        "model": "hpe version control repository manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.2.2"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.2"
      },
      {
        "model": "hpe matrix operating environment",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "switch es1-24",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.3"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.2.0"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.2.0.0"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.4"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.0t"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.3.2"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2e"
      },
      {
        "model": "40g 10g 72/64 ethernet switch",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2.0.0"
      },
      {
        "model": "openssl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "openssl",
        "version": "1.0.2"
      },
      {
        "model": "jd edwards enterpriseone tools",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2.0.5"
      },
      {
        "model": "primavera p6 enterprise project portfolio management",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "15.1"
      },
      {
        "model": "system management homepage",
        "scope": null,
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": null
      },
      {
        "model": "sun network 10ge switch 72p",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "1.2"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.0.1.0"
      },
      {
        "model": "enterprise manager ops center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "12.1.4"
      },
      {
        "model": "communications network charging and control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "5.0.1.0.0"
      },
      {
        "model": "hpe insight control",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard",
        "version": "server provisioning"
      },
      {
        "model": "\u003c0.9.8zh",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "1.0.2",
        "scope": null,
        "trust": 0.6,
        "vendor": "openssl",
        "version": null
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0k"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0s"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0j"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0r"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0q"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0m"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0l"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0n"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0o"
      },
      {
        "model": "openssl",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "openssl",
        "version": "1.0.0i"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:sun_ray_software:11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:life_sciences_data_hub:2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:transportation_management:6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:exalogic_infrastructure:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.14",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.36",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:http_server:11.5.10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:oracle:integrated_lights_out_manager_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.4",
                "versionStartIncluding": "3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.9.8zh",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.0t",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.1q",
                "versionStartIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.2e",
                "versionStartIncluding": "1.0.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2015-3195",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-07950",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-81156",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-3195",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3195",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3195",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07950",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-075",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81156",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-3195",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. OpenSSL is an open source SSL implementation used to implement high-strength encryption of network communications. \n\nOpenSSL\u0027s handling of X509_ATTRIBUTE has a security vulnerability. A remote attacker can use the vulnerability to send a message containing a special X509_ATTRIBUTE structure to trigger a memory leak. The attacker can obtain sensitive information. It supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, security hashing algorithm, etc. The vulnerability is due to the error caused by the program not correctly handling the malformed X509_ATTRIBUTE data. The following versions are affected: OpenSSL prior to 0.9.8zh, 1.0.0 prior to 1.0.0t, 1.0.1 prior to 1.0.1q, 1.0.2 prior to 1.0.2e. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05398322\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c05398322\nVersion: 1\n\nHPESBHF03709 rev.1 - HPE Network products including Comware, IMC, and VCX\nrunning OpenSSL, Remote Denial of Service (DoS), Disclosure of Sensitive\nInformation\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-02-21\nLast Updated: 2017-02-21\n\nPotential Security Impact: Remote: Denial of Service (DoS), Disclosure of\nSensitive Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities with OpenSSL have been addressed for HPE\nNetwork products including Comware 5, Comware 7, IMC, and VCX. The\nvulnerabilities could be remotely exploited resulting in Denial of Service\n(DoS) or disclosure of sensitive information. \n\nReferences:\n\n  - CVE-2015-1794 - Remote Denial of Service (DoS)\n  - CVE-2015-3193 - Remote disclosure of sensitive information\n  - CVE-2015-3194 - Remote Denial of Service (DoS)\n  - CVE-2015-3195 - Remote disclosure of sensitive information\n  - CVE-2015-3196 - Remote Denial of Service (DoS)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - Comware 5 (CW5) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - Comware 7 (CW7) Products All versions - Please refer to the RESOLUTION\nbelow for a list of updated products. \n  - HPE Intelligent Management Center (iMC) All versions - Please refer to\nthe RESOLUTION below for a list of updated products. \n  - VCX Products All versions - Please refer to the RESOLUTION below for a\nlist of updated products. \n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2015-1794\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3193\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n    CVE-2015-3194\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3195\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n    CVE-2015-3196\n      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n      4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has made the following software updates to resolve the vulnerabilities in\nthe Comware, IMC and VCX products running OpenSSL. \n\n\n**COMWARE 5 Products**\n\n  + **A6600 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **HSR6602 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 (Comware 5) - Version: R3303P28**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **MSR20 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD432A HP A-MSR20-21 Router\n      - JD662A HP MSR20-20 Router\n      - JD663A HP A-MSR20-21 Router\n      - JD663B HP MSR20-21 Router\n      - JD664A HP MSR20-40 Router\n      - JF228A HP MSR20-40 Router\n      - JF283A HP MSR20-20 Router\n  + **MSR20-1X  (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD431A HP MSR20-10 Router\n      - JD667A HP MSR20-15 IW Multi-Service Router\n      - JD668A HP MSR20-13 Multi-Service Router\n      - JD669A HP MSR20-13 W Multi-Service Router\n      - JD670A HP MSR20-15 A Multi-Service Router\n      - JD671A HP MSR20-15 AW Multi-Service Router\n      - JD672A HP MSR20-15 I Multi-Service Router\n      - JD673A HP MSR20-11 Multi-Service Router\n      - JD674A HP MSR20-12 Multi-Service Router\n      - JD675A HP MSR20-12 W Multi-Service Router\n      - JD676A HP MSR20-12 T1 Multi-Service Router\n      - JF236A HP MSR20-15-I Router\n      - JF237A HP MSR20-15-A Router\n      - JF238A HP MSR20-15-I-W Router\n      - JF239A HP MSR20-11 Router\n      - JF240A HP MSR20-13 Router\n      - JF241A HP MSR20-12 Router\n      - JF806A HP MSR20-12-T Router\n      - JF807A HP MSR20-12-W Router\n      - JF808A HP MSR20-13-W Router\n      - JF809A HP MSR20-15-A-W Router\n      - JF817A HP MSR20-15 Router\n      - JG209A HP MSR20-12-T-W Router (NA)\n      - JG210A HP MSR20-13-W Router (NA)\n  + **MSR 30 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD654A HP MSR30-60 POE Multi-Service Router\n      - JD657A HP MSR30-40 Multi-Service Router\n      - JD658A HP MSR30-60 Multi-Service Router\n      - JD660A HP MSR30-20 POE Multi-Service Router\n      - JD661A HP MSR30-40 POE Multi-Service Router\n      - JD666A HP MSR30-20 Multi-Service Router\n      - JF229A HP MSR30-40 Router\n      - JF230A HP MSR30-60 Router\n      - JF232A HP RTMSR3040-AC-OVSAS-H3\n      - JF235A HP MSR30-20 DC Router\n      - JF284A HP MSR30-20 Router\n      - JF287A HP MSR30-40 DC Router\n      - JF801A HP MSR30-60 DC Router\n      - JF802A HP MSR30-20 PoE Router\n      - JF803A HP MSR30-40 PoE Router\n      - JF804A HP MSR30-60 PoE Router\n      - JG728A HP MSR30-20 TAA-compliant DC Router\n      - JG729A HP MSR30-20 TAA-compliant Router\n  + **MSR 30-16 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD659A HP MSR30-16 POE Multi-Service Router\n      - JD665A HP MSR30-16 Multi-Service Router\n      - JF233A HP MSR30-16 Router\n      - JF234A HP MSR30-16 PoE Router\n  + **MSR 30-1X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF800A HP MSR30-11 Router\n      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\n      - JG182A HP MSR30-11E Router\n      - JG183A HP MSR30-11F Router\n      - JG184A HP MSR30-10 DC Router\n  + **MSR 50 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD433A HP MSR50-40 Router\n      - JD653A HP MSR50 Processor Module\n      - JD655A HP MSR50-40 Multi-Service Router\n      - JD656A HP MSR50-60 Multi-Service Router\n      - JF231A HP MSR50-60 Router\n      - JF285A HP MSR50-40 DC Router\n      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n  + **MSR 50-G2 (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JD429A HP MSR50 G2 Processor Module\n      - JD429B HP MSR50 G2 Processor Module\n  + **MSR 9XX (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JF812A HP MSR900 Router\n      - JF813A HP MSR920 Router\n      - JF814A HP MSR900-W Router\n      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr\n      - JG207A HP MSR900-W Router (NA)\n      - JG208A HP MSR920-W Router (NA)\n  + **MSR 93X (Comware 5) - Version: R2516**\n    * HP Network Products\n      - JG511A HP MSR930 Router\n      - JG511B HP MSR930 Router\n      - JG512A HP MSR930 Wireless Router\n      - JG513A HP MSR930 3G Router\n      - JG513B HP MSR930 3G Router\n      - JG514A HP MSR931 Router\n      - JG514B HP MSR931 Router\n      - JG515A HP MSR931 3G Router\n      - JG516A HP MSR933 Router\n      - JG517A HP MSR933 3G Router\n      - JG518A HP MSR935 Router\n      - JG518B HP MSR935 Router\n      - JG519A HP MSR935 Wireless Router\n      - JG520A HP MSR935 3G Router\n      - JG531A HP MSR931 Dual 3G Router\n      - JG531B HP MSR931 Dual 3G Router\n      - JG596A HP MSR930 4G LTE/3G CDMA Router\n      - JG597A HP MSR936 Wireless Router\n      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router\n      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router\n      - JH009A HP MSR931 Serial (TI) Router\n      - JH010A HP MSR933 G.SHDSL (TI) Router\n      - JH011A HP MSR935 ADSL2+ (TI) Router\n      - JH012A HP MSR930 Wireless 802.11n (NA) Router\n      - JH012B HP MSR930 Wireless 802.11n (NA) Router\n      - JH013A HP MSR935 Wireless 802.11n (NA) Router\n  + **MSR1000 (Comware 5) - Version: See Mitigation**\n    * HP Network Products\n      - JG732A HP MSR1003-8 AC Router\n  + **12500 (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JC808A HP 12500 TAA Main Processing Unit\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n  + **9500E (Comware 5) - Version: R1829P02**\n    * HP Network Products\n      - JC124A HP A9508 Switch Chassis\n      - JC124B HP 9505 Switch Chassis\n      - JC125A HP A9512 Switch Chassis\n      - JC125B HP 9512 Switch Chassis\n      - JC474A HP A9508-V Switch Chassis\n      - JC474B HP 9508-V Switch Chassis\n  + **10500 (Comware 5) - Version: R1210P02**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC614A HP 10500 Main Processing Unit\n      - JC748A HP 10512 Switch Chassis\n      - JG375A HP 10500 TAA-compliant Main Processing Unit\n      - JG820A HP 10504 TAA-compliant Switch Chassis\n      - JG821A HP 10508 TAA-compliant Switch Chassis\n      - JG822A HP 10508-V TAA-compliant Switch Chassis\n      - JG823A HP 10512 TAA-compliant Switch Chassis\n  + **7500 (Comware 5) - Version: R6710P02**\n    * HP Network Products\n      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port\nGig-T/4-port GbE Combo\n      - JC697A HP 7502 TAA-compliant Main Processing Unit\n      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8\nGbE Combo Ports\n      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP\nPorts\n      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit\n      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit\n      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports\n      - JD194A HP 7500 384Gbps Fabric Module\n      - JD194B HP 7500 384Gbps Fabric Module\n      - JD195A HP 7500 384Gbps Advanced Fabric Module\n      - JD196A HP 7502 Fabric Module\n      - JD220A HP 7500 768Gbps Fabric Module\n      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports\n      - JD238A HP 7510 Switch Chassis\n      - JD238B HP 7510 Switch Chassis\n      - JD239A HP 7506 Switch Chassis\n      - JD239B HP 7506 Switch Chassis\n      - JD240A HP 7503 Switch Chassis\n      - JD240B HP 7503 Switch Chassis\n      - JD241A HP 7506-V Switch Chassis\n      - JD241B HP 7506-V Switch Chassis\n      - JD242A HP 7502 Switch Chassis\n      - JD242B HP 7502 Switch Chassis\n      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot\n      - JE164A HP E7902 Switch Chassis\n      - JE165A HP E7903 Switch Chassis\n      - JE166A HP E7903 1 Fabric Slot Switch Chassis\n      - JE167A HP E7906 Switch Chassis\n      - JE168A HP E7906 Vertical Switch Chassis\n      - JE169A HP E7910 Switch Chassis\n  + **6125G/XG Blade Switch - Version: R2112P05**\n    * HP Network Products\n      - 737220-B21 HP 6125G Blade Switch with TAA\n      - 737226-B21 HP 6125G/XG Blade Switch with TAA\n      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit\n      - 658247-B21 HP 6125G Blade Switch Opt Kit\n  + **5830 (Comware 5) - Version: R1118P13**\n    * HP Network Products\n      - JC691A HP 5830AF-48G Switch with 1 Interface Slot\n      - JC694A HP 5830AF-96G Switch\n      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot\n      - JG374A HP 5830AF-96G TAA-compliant Switch\n  + **5800 (Comware 5) - Version: R1810P03**\n    * HP Network Products\n      - JC099A HP 5800-24G-PoE Switch\n      - JC099B HP 5800-24G-PoE+ Switch\n      - JC100A HP 5800-24G Switch\n      - JC100B HP 5800-24G Switch\n      - JC101A HP 5800-48G Switch with 2 Slots\n      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots\n      - JC103A HP 5800-24G-SFP Switch\n      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot\n      - JC104A HP 5800-48G-PoE Switch\n      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot\n      - JC105A HP 5800-48G Switch\n      - JC105B HP 5800-48G Switch with 1 Interface Slot\n      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch\n      - JG255A HP 5800-24G TAA-compliant Switch\n      - JG255B HP 5800-24G TAA-compliant Switch\n      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot\n      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot\n      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot\n      - JG225A HP 5800AF-48G Switch\n      - JG225B HP 5800AF-48G Switch\n      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots\n      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface\n      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch\n      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\n\u0026 1 OAA Slot\n      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots\nand 1 OAA Slot\n      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots\n      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots \u0026 1 OAA Slot\n      - JG219A HP 5820AF-24XG Switch\n      - JG219B HP 5820AF-24XG Switch\n      - JC102A HP 5820-24XG-SFP+ Switch\n      - JC102B HP 5820-24XG-SFP+ Switch\n  + **5500 HI (Comware 5) - Version: R5501P21**\n    * HP Network Products\n      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots\n      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots\n      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots\n      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots\n      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface\nSlots\n      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots\n  + **5500 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD373A HP 5500-24G DC EI Switch\n      - JD374A HP 5500-24G-SFP EI Switch\n      - JD375A HP 5500-48G EI Switch\n      - JD376A HP 5500-48G-PoE EI Switch\n      - JD377A HP 5500-24G EI Switch\n      - JD378A HP 5500-24G-PoE EI Switch\n      - JD379A HP 5500-24G-SFP DC EI Switch\n      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface\n      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface\nSlots\n  + **4800G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD007A HP 4800-24G Switch\n      - JD008A HP 4800-24G-PoE Switch\n      - JD009A HP 4800-24G-SFP Switch\n      - JD010A HP 4800-48G Switch\n      - JD011A HP 4800-48G-PoE Switch\n  + **5500SI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JD369A HP 5500-24G SI Switch\n      - JD370A HP 5500-48G SI Switch\n      - JD371A HP 5500-24G-PoE SI Switch\n      - JD372A HP 5500-48G-PoE SI Switch\n      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots\n      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots\n  + **4500G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF428A HP 4510-48G Switch\n      - JF847A HP 4510-24G Switch\n  + **5120 EI (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JE066A HP 5120-24G EI Switch\n      - JE067A HP 5120-48G EI Switch\n      - JE068A HP 5120-24G EI Switch with 2 Interface Slots\n      - JE069A HP 5120-48G EI Switch with 2 Interface Slots\n      - JE070A HP 5120-24G-PoE EI 2-slot Switch\n      - JE071A HP 5120-48G-PoE EI 2-slot Switch\n      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots\n      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots\n      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots\n      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots\n      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots\n      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots\n  + **4210G (Comware 5) - Version: R2221P22**\n    * HP Network Products\n      - JF844A HP 4210-24G Switch\n      - JF845A HP 4210-48G Switch\n      - JF846A HP 4210-24G-PoE Switch\n  + **5120 SI (Comware 5) - Version: R1517**\n    * HP Network Products\n      - JE072A HP 5120-48G SI Switch\n      - JE072B HPE 5120 48G SI Switch\n      - JE073A HP 5120-16G SI Switch\n      - JE073B HPE 5120 16G SI Switch\n      - JE074A HP 5120-24G SI Switch\n      - JE074B HPE 5120 24G SI Switch\n      - JG091A HP 5120-24G-PoE+ (370W) SI Switch\n      - JG091B HPE 5120 24G PoE+ (370W) SI Switch\n      - JG092A HP 5120-24G-PoE+ (170W) SI Switch\n      - JG309B HPE 5120 8G PoE+ (180W) SI Switch\n      - JG310B HPE 5120 8G PoE+ (65W) SI Switch\n  + **3610 (Comware 5) - Version: R5319P15**\n    * HP Network Products\n      - JD335A HP 3610-48 Switch\n      - JD336A HP 3610-24-4G-SFP Switch\n      - JD337A HP 3610-24-2G-2G-SFP Switch\n      - JD338A HP 3610-24-SFP Switch\n  + **3600V2 (Comware 5) - Version: R2111P01**\n    * HP Network Products\n      - JG299A HP 3600-24 v2 EI Switch\n      - JG299B HP 3600-24 v2 EI Switch\n      - JG300A HP 3600-48 v2 EI Switch\n      - JG300B HP 3600-48 v2 EI Switch\n      - JG301A HP 3600-24-PoE+ v2 EI Switch\n      - JG301B HP 3600-24-PoE+ v2 EI Switch\n      - JG301C HP 3600-24-PoE+ v2 EI Switch\n      - JG302A HP 3600-48-PoE+ v2 EI Switch\n      - JG302B HP 3600-48-PoE+ v2 EI Switch\n      - JG302C HP 3600-48-PoE+ v2 EI Switch\n      - JG303A HP 3600-24-SFP v2 EI Switch\n      - JG303B HP 3600-24-SFP v2 EI Switch\n      - JG304A HP 3600-24 v2 SI Switch\n      - JG304B HP 3600-24 v2 SI Switch\n      - JG305A HP 3600-48 v2 SI Switch\n      - JG305B HP 3600-48 v2 SI Switch\n      - JG306A HP 3600-24-PoE+ v2 SI Switch\n      - JG306B HP 3600-24-PoE+ v2 SI Switch\n      - JG306C HP 3600-24-PoE+ v2 SI Switch\n      - JG307A HP 3600-48-PoE+ v2 SI Switch\n      - JG307B HP 3600-48-PoE+ v2 SI Switch\n      - JG307C HP 3600-48-PoE+ v2 SI Switch\n  + **3100V2 (Comware 5) - Version: R5213P01**\n    * HP Network Products\n      - JD313B HPE 3100 24 PoE v2 EI Switch\n      - JD318B HPE 3100 8 v2 EI Switch\n      - JD319B HPE 3100 16 v2 EI Switch\n      - JD320B HPE 3100 24 v2 EI Switch\n      - JG221A HPE 3100 8 v2 SI Switch\n      - JG222A HPE 3100 16 v2 SI Switch\n      - JG223A HPE 3100 24 v2 SI Switch\n  + **HP870 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG723A HP 870 Unified Wired-WLAN Appliance\n      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP850 (Comware 5) - Version: R2607P51**\n    * HP Network Products\n      - JG722A HP 850 Unified Wired-WLAN Appliance\n      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance\n  + **HP830 (Comware 5) - Version: R3507P51**\n    * HP Network Products\n      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch\n      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch\n      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch\n      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant\n  + **HP6000 (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module\n      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module\n  + **WX5004-EI (Comware 5) - Version: R2507P44**\n    * HP Network Products\n      - JD447B HP WX5002 Access Controller\n      - JD448A HP WX5004 Access Controller\n      - JD448B HP WX5004 Access Controller\n      - JD469A HP WX5004 Access Controller\n  + **SecBlade FW (Comware 5) - Version: R3181P07**\n    * HP Network Products\n      - JC635A HP 12500 VPN Firewall Module\n      - JD245A HP 9500 VPN Firewall Module\n      - JD249A HP 10500/7500 Advanced VPN Firewall Module\n      - JD250A HP 6600 Firewall Processing Router Module\n      - JD251A HP 8800 Firewall Processing Module\n      - JD255A HP 5820 VPN Firewall Module\n  + **F1000-E (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JD272A HP F1000-E VPN Firewall Appliance\n  + **F1000-A-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG214A HP F1000-A-EI VPN Firewall Appliance\n  + **F1000-S-EI (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG213A HP F1000-S-EI VPN Firewall Appliance\n  + **F5000-A (Comware 5) - Version: F3210P26**\n    * HP Network Products\n      - JD259A HP A5000-A5 VPN Firewall Chassis\n      - JG215A HP F5000 Firewall Main Processing Unit\n      - JG216A HP F5000 Firewall Standalone Chassis\n  + **U200S and CS (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD273A HP U200-S UTM Appliance\n  + **U200A and M (Comware 5) - Version: F5123P33**\n    * HP Network Products\n      - JD275A HP U200-A UTM Appliance\n  + **F5000-C/S (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG650A HP F5000-C VPN Firewall Appliance\n      - JG370A HP F5000-S VPN Firewall Appliance\n  + **SecBlade III (Comware 5) - Version: TBD still fixing**\n    * HP Network Products\n      - JG371A HP 12500 20Gbps VPN Firewall Module\n      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module\n  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JC566A HP 6600 RSE-X1 Router Main Processing Unit\n      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit\n  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC165A HP 6600 RPE-X1 Router Module\n      - JC177A HP 6608 Router\n      - JC177B HPE FlexNetwork 6608 Router Chassis\n      - JC178A HPE FlexNetwork 6604 Router Chassis\n      - JC178B HPE FlexNetwork 6604 Router Chassis\n      - JC496A HPE FlexNetwork 6616 Router Chassis\n      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit\n  + **6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC176A HP 6602 Router Chassis\n  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JC177A HP 6608 Router\n      - JC177B HP 6608 Router Chassis\n      - JC178A HP 6604 Router Chassis\n      - JC178B HP 6604 Router Chassis\n      - JC496A HP 6616 Router Chassis\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG355A HP 6600 MCP-X1 Router Main Processing Unit\n      - JG356A HP 6600 MCP-X2 Router Main Processing Unit\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit\n  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: R3303P28.RU**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit\n  + **SMB1910 (Comware 5) - Version: R1113**\n    * HP Network Products\n      - JG540A HP 1910-48 Switch\n      - JG539A HP 1910-24-PoE+ Switch\n      - JG538A HP 1910-24 Switch\n      - JG537A HP 1910-8 -PoE+ Switch\n      - JG536A HP 1910-8 Switch\n  + **SMB1920 (Comware 5) - Version: R1112**\n    * HP Network Products\n      - JG928A HP 1920-48G-PoE+ (370W) Switch\n      - JG927A HP 1920-48G Switch\n      - JG926A HP 1920-24G-PoE+ (370W) Switch\n      - JG925A HP 1920-24G-PoE+ (180W) Switch\n      - JG924A HP 1920-24G Switch\n      - JG923A HP 1920-16G Switch\n      - JG922A HP 1920-8G-PoE+ (180W) Switch\n      - JG921A HP 1920-8G-PoE+ (65W) Switch\n      - JG920A HP 1920-8G Switch\n  + **V1910 (Comware 5) - Version: R1517P01**\n    * HP Network Products\n      - JE005A HP 1910-16G Switch\n      - JE006A HP 1910-24G Switch\n      - JE007A HP 1910-24G-PoE (365W) Switch\n      - JE008A HP 1910-24G-PoE(170W) Switch\n      - JE009A HP 1910-48G Switch\n      - JG348A HP 1910-8G Switch\n      - JG349A HP 1910-8G-PoE+ (65W) Switch\n      - JG350A HP 1910-8G-PoE+ (180W) Switch\n  + **SMB 1620 (Comware 5) - Version: R1110**\n    * HP Network Products\n      - JG914A HP 1620-48G Switch\n      - JG913A HP 1620-24G Switch\n      - JG912A HP 1620-8G Switch\n  + **NJ5000 - Version: R1107**\n    * HP Network Products\n      - JH237A HPE FlexNetwork NJ5000 5G PoE+ Walljack\n\n\n**COMWARE 7 Products**\n\n  + **12500 (Comware 7) - Version: R7377**\n    * HP Network Products\n      - JC072B HP 12500 Main Processing Unit\n      - JC085A HP A12518 Switch Chassis\n      - JC086A HP A12508 Switch Chassis\n      - JC652A HP 12508 DC Switch Chassis\n      - JC653A HP 12518 DC Switch Chassis\n      - JC654A HP 12504 AC Switch Chassis\n      - JC655A HP 12504 DC Switch Chassis\n      - JF430A HP A12518 Switch Chassis\n      - JF430B HP 12518 Switch Chassis\n      - JF430C HP 12518 AC Switch Chassis\n      - JF431A HP A12508 Switch Chassis\n      - JF431B HP 12508 Switch Chassis\n      - JF431C HP 12508 AC Switch Chassis\n      - JG497A HP 12500 MPU w/Comware V7 OS\n      - JG782A HP FF 12508E AC Switch Chassis\n      - JG783A HP FF 12508E DC Switch Chassis\n      - JG784A HP FF 12518E AC Switch Chassis\n      - JG785A HP FF 12518E DC Switch Chassis\n      - JG802A HP FF 12500E MPU\n  + **10500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JC611A HP 10508-V Switch Chassis\n      - JC612A HP 10508 Switch Chassis\n      - JC613A HP 10504 Switch Chassis\n      - JC748A HP 10512 Switch Chassis\n      - JG608A HP FlexFabric 11908-V Switch Chassis\n      - JG609A HP FlexFabric 11900 Main Processing Unit\n      - JG820A HP 10504 TAA Switch Chassis\n      - JG821A HP 10508 TAA Switch Chassis\n      - JG822A HP 10508-V TAA Switch Chassis\n      - JG823A HP 10512 TAA Switch Chassis\n      - JG496A HP 10500 Type A MPU w/Comware v7 OS\n      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating\nSystem\n      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System\nMain Processing Unit\n  + **12900 (Comware 7) - Version: R1150**\n    * HP Network Products\n      - JG619A HP FlexFabric 12910 Switch AC Chassis\n      - JG621A HP FlexFabric 12910 Main Processing Unit\n      - JG632A HP FlexFabric 12916 Switch AC Chassis\n      - JG634A HP FlexFabric 12916 Main Processing Unit\n      - JH104A HP FlexFabric 12900E Main Processing Unit\n      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit\n      - JH263A HP FlexFabric 12904E Main Processing Unit\n      - JH255A HP FlexFabric 12908E Switch Chassis\n      - JH262A HP FlexFabric 12904E Switch Chassis\n      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis\n      - JH103A HP FlexFabric 12916E Switch Chassis\n  + **5900 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JC772A HP 5900AF-48XG-4QSFP+ Switch\n      - JG296A HP 5920AF-24XG Switch\n      - JG336A HP 5900AF-48XGT-4QSFP+ Switch\n      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch\n      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch\n      - JG555A HP 5920AF-24XG TAA Switch\n      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch\n      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant\n      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch\n      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant\n  + **MSR1000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG875A HP MSR1002-4 AC Router\n      - JH060A HP MSR1003-8S AC Router\n  + **MSR2000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG411A HP MSR2003 AC Router\n      - JG734A HP MSR2004-24 AC Router\n      - JG735A HP MSR2004-48 Router\n      - JG866A HP MSR2003 TAA-compliant AC Router\n  + **MSR3000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG404A HP MSR3064 Router\n      - JG405A HP MSR3044 Router\n      - JG406A HP MSR3024 AC Router\n      - JG407A HP MSR3024 DC Router\n      - JG408A HP MSR3024 PoE Router\n      - JG409A HP MSR3012 AC Router\n      - JG410A HP MSR3012 DC Router\n      - JG861A HP MSR3024 TAA-compliant AC Router\n  + **MSR4000 (Comware 7) - Version: R0306P12**\n    * HP Network Products\n      - JG402A HP MSR4080 Router Chassis\n      - JG403A HP MSR4060 Router Chassis\n      - JG412A HP MSR4000 MPU-100 Main Processing Unit\n      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit\n  + **VSR (Comware 7) - Version: E0322P01**\n    * HP Network Products\n      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation\nSoftware\n      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router\n      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router\n      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router\n  + **7900 (Comware 7) - Version: R2150**\n    * HP Network Products\n      - JG682A HP FlexFabric 7904 Switch Chassis\n      - JG841A HP FlexFabric 7910 Switch Chassis\n      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit\n      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit\n      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis\n      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis\n      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main\nProcessing Unit\n      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main\nProcessing Unit\n  + **5130 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG932A HP 5130-24G-4SFP+ EI Switch\n      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch\n      - JG934A HP 5130-48G-4SFP+ EI Switch\n      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch\n      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch\n      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch\n      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch\n      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch\n      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch\n      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch\n      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch\n      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch\n  + **6125XLG - Version: R2432P01**\n    * HP Network Products\n      - 711307-B21 HP 6125XLG Blade Switch\n      - 737230-B21 HP 6125XLG Blade Switch with TAA\n  + **6127XLG - Version: R2432P01**\n    * HP Network Products\n      - 787635-B21 HP 6127XLG Blade Switch Opt Kit\n      - 787635-B22 HP 6127XLG Blade Switch with TAA\n  + **Moonshot - Version: R2432P01**\n    * HP Network Products\n      - 786617-B21 - HP Moonshot-45Gc Switch Module\n      - 704654-B21 - HP Moonshot-45XGc Switch Module\n      - 786619-B21 - HP Moonshot-180XGc Switch Module\n  + **5700 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch\n      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch\n      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch\n      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch\n      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch\n      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch\n  + **5930 (Comware 7) - Version: R2432P01**\n    * HP Network Products\n      - JG726A HP FlexFabric 5930 32QSFP+ Switch\n      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch\n      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch\n      - JH179A HP FlexFabric 5930 4-slot Switch\n      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch\n      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch\n  + **HSR6600 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG353A HP HSR6602-G Router\n      - JG354A HP HSR6602-XG Router\n      - JG776A HP HSR6602-G TAA-compliant Router\n      - JG777A HP HSR6602-XG TAA-compliant Router\n  + **HSR6800 (Comware 7) - Version: R7103P09**\n    * HP Network Products\n      - JG361A HP HSR6802 Router Chassis\n      - JG361B HP HSR6802 Router Chassis\n      - JG362A HP HSR6804 Router Chassis\n      - JG362B HP HSR6804 Router Chassis\n      - JG363A HP HSR6808 Router Chassis\n      - JG363B HP HSR6808 Router Chassis\n      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit\n      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing\n      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit\n  + **1950 (Comware 7) - Version: R3113P02**\n    * HP Network Products\n      - JG960A HP 1950-24G-4XG Switch\n      - JG961A HP 1950-48G-2SFP+-2XGT Switch\n      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch\n      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch\n  + **7500 (Comware 7) - Version: R7180**\n    * HP Network Products\n      - JD238C HP 7510 Switch Chassis\n      - JD239C HP 7506 Switch Chassis\n      - JD240C HP 7503 Switch Chassis\n      - JD242C HP 7502 Switch Chassis\n      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only\nMain Processing Unit\n      - JH208A HP 7502 Main Processing Unit\n      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port\n40GbE QSFP+ Main Processing Unit\n  + **5510HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH145A HPE 5510 24G 4SFP+ HI 1-slot Switch\n      - JH146A HPE 5510 48G 4SFP+ HI 1-slot Switch\n      - JH147A HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch\n      - JH148A HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch\n      - JH149A HPE 5510 24G SFP 4SFP+ HI 1-slot Switch\n  + **5130HI (Comware 7) - Version: R1120**\n    * HP Network Products\n      - JH323A HPE 5130 24G 4SFP+ 1-slot HI Switch\n      - JH324A HPE 5130 48G 4SFP+ 1-slot HI Switch\n      - JH325A HPE 5130 24G PoE+ 4SFP+ 1-slot HI Switch\n      - JH326A HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch\n\n\n**iMC Products**\n\n  + **IMC PLAT - Version: 7.2 E0403P04**\n    * HP Network Products\n      - JD125A  HP IMC Std S/W Platform w/100-node\n      - JD126A  HP IMC Ent S/W Platform w/100-node\n      - JD808A  HP IMC Ent Platform w/100-node License\n      - JD814A   HP A-IMC Enterprise Edition Software DVD Media\n      - JD815A  HP IMC Std Platform w/100-node License\n      - JD816A  HP A-IMC Standard Edition Software DVD Media\n      - JF288AAE  HP Network Director to Intelligent Management Center\nUpgrade E-LTU\n      - JF289AAE  HP Enterprise Management System to Intelligent Management\nCenter Upgrade E-LTU\n      - JF377A  HP IMC Std S/W Platform w/100-node Lic\n      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU\n      - JF378A  HP IMC Ent S/W Platform w/200-node Lic\n      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU\n      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU\n      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\n      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU\n      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU\n      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU\n      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU\n  + **IMC iNode - Version: 7.2 E0407**\n    * HP Network Products\n      - JD144A HP A-IMC User Access Management Software Module with 200-user\nLicense\n      - JD147A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JD435A HP A-IMC Endpoint Admission Defense Client Software\n      - JF388A HP IMC User Authentication Management Software Module with\n200-user License\n      - JF388AAE HP IMC User Authentication Management Software Module with\n200-user E-LTU\n      - JF391A HP IMC Endpoint Admission Defense Software Module with\n200-user License\n      - JF391AAE HP IMC Endpoint Admission Defense Software Module with\n200-user E-LTU\n      - JG752AAE HP IMC User Access Manager Software Module with 50-user\nE-LTU\n      - JG754AAE) HP IMC Endpoint Admission Defense Software Module with\n50-user E-LTU\n  + **iMC UAM_TAM - Version: 7.1 E0406**\n    * HP Network Products\n      - JF388A HP IMC UAM S/W MODULE W/200-USER LICENSE\n      - JF388AAE HP IMC UAM S/W MODULE W/200-USER E-LTU\n      - JG752AAE HP IMC UAM SW MOD W/ 50-USER E-LTU\n      - JG483A HP IMC TAM S/W MODULE W/100-NODE LIC\n      - JG483AAE HP IMC TAM S/W MODULE W/100-NODE E-LTU\n      - JG764AAE HP IMC TAM SW MOD W/ 50-NODE E-LTU\n  + **IMC WSM - Version: 7.2 E0502P04**\n    * HP Network Products\n      - JD456A HP IMC WSM Software Module with 50-Access Point License\n      - JF414A HP IMC Wireless Service Manager Software Module with 50-Access\nPoint License\n      - JF414AAE HP IMC Wireless Service Manager Software Module with\n50-Access Point E-LTU\n      - JG551AAE HP PCM+ Mobility Manager to IMC Wireless Service Manager\nModule Upgrade with 250 Access Point E-LTU\n      - JG758AAE HP IMC WSM/RTLS w/ 50-node E-LTU\n      - JG769AAE HP PCM Mobility Manager to IMC Wireless Service Manager Upg\nwith 250-node E-LTU\n\n**VCX Products**\n\n  + **VCX - Version: 9.8.19**\n    * HP Network Products\n      - J9672A HP VCX V7205 Platform w/ DL360 G7 Srvr\n      - J9668A HP VCX IPC V7005 Pltfrm w/ DL120 G6 Srvr\n      - JC517A HP VCX V7205 Platform w/DL 360 G6 Server\n      -  JE355A HP VCX V6000 Branch Platform 9.0\n      - JC516A HP VCX V7005 Platform w/DL 120 G6 Server\n      - JC518A HP VCX Connect 200 Primry 120 G6 Server\n      - J9669A HP VCX IPC V7310 Pltfrm w/ DL360 G7 Srvr\n      - JE341A HP VCX Connect 100 Secondary\n      - JE252A HP VCX Connect Primary MIM Module\n      - JE253A HP VCX Connect Secondary MIM Module\n      - JE254A HP VCX Branch MIM Module\n      - JE355A HP VCX V6000 Branch Platform 9.0\n      - JD028A HP MS30-40 RTR w/VCX + T1/FXO/FXS/Mod\n      - JD023A HP MSR30-40 Router with VCX MIM Module\n      - JD024A HP MSR30-16 RTR w/VCX Ent Br Com MIM\n      - JD025A HP MSR30-16 RTR w/VCX + 4FXO/2FXS Mod\n      - JD026A HP MSR30-16 RTR w/VCX + 8FXO/4FXS Mod\n      - JD027A HP MSR30-16 RTR w/VCX + 8BRI/4FXS Mod\n      - JD029A HP MSR30-16 RTR w/VCX + E1/4BRI/4FXS\n      - JE340A HP VCX Connect 100 Pri Server 9.0\n      - JE342A HP VCX Connect 100 Sec Server 9.0\n\n**Note:** Please contact HPE Technical Support if any assistance is needed\nacquiring the software updates. \n\nHISTORY\nVersion:1 (rev.1) - 21 February 2017 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n\nReferences:\n\nCVE-2007-6750\nCVE-2011-4969\nCVE-2014-3508\nCVE-2014-3509\nCVE-2014-3511\nCVE-2014-3513\nCVE-2014-3569\nCVE-2014-3568\nCVE-2014-3567\nCVE-2015-1788\nCVE-2015-1789\nCVE-2015-1790\nCVE-2015-1791\nCVE-2015-1792\nCVE-2015-0205\nCVE-2015-3194\nCVE-2015-3195\nCVE-2015-3237\nCVE-2015-6565\nCVE-2015-7501\nCVE-2015-7547\nCVE-2015-7995\nCVE-2015-8035\nCVE-2016-0705\nCVE-2016-0728\nCVE-2016-0799\nCVE-2016-2015\nCVE-2016-2017\nCVE-2016-2018\nCVE-2016-2019\nCVE-2016-2020\nCVE-2016-2021\nCVE-2016-2022\nCVE-2016-2024\nCVE-2016-2030\nCVE-2016-2842\nPSRT110092\nPSRT110093\nPSRT110094\nPSRT110095\nPSRT110096\nPSRT110138\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: Red Hat JBoss Enterprise Application Platform 6.4.10 natives update on RHEL 7\nAdvisory ID:       RHSA-2016:2054-01\nProduct:           Red Hat JBoss Enterprise Application Platform\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2016-2054.html\nIssue date:        2016-10-12\nCVE Names:         CVE-2015-3183 CVE-2015-3195 CVE-2015-4000 \n                   CVE-2016-2105 CVE-2016-2106 CVE-2016-2108 \n                   CVE-2016-2109 CVE-2016-3110 CVE-2016-4459 \n=====================================================================\n\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Enterprise Application Platform\n6.4.10 natives, fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7. \n\nThis release includes bug fixes and enhancements, as well as a new release\nof OpenSSL that addresses a number of outstanding security flaws. For\nfurther information, see the knowledge base article linked to in the\nReferences section. All users of Red Hat JBoss Enterprise Application\nPlatform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these\nupdated packages. The JBoss server process must be restarted for the update\nto take effect. \n\nSecurity Fix(es):\n\n* A flaw was found in the way OpenSSL encoded certain ASN.1 data\nstructures. An attacker could use this flaw to create a specially crafted\ncertificate which, when verified or re-encoded by OpenSSL, could cause it\nto crash, or execute arbitrary code using the permissions of the user\nrunning an application compiled against the OpenSSL library. \n(CVE-2016-2108)\n\n* Multiple flaws were found in the way httpd parsed HTTP requests and\nresponses using chunked transfer encoding. A remote attacker could use\nthese flaws to create a specially crafted request, which httpd would decode\ndifferently from an HTTP proxy software in front of it, possibly leading to\nHTTP request smuggling attacks. (CVE-2015-3183)\n\n* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7\nand CMS data. (CVE-2015-3195)\n\n* A flaw was found in the way the TLS protocol composes the Diffie-Hellman\nexchange (for both export and non-export grade cipher suites). An attacker\ncould use this flaw to downgrade a DHE connection to use export-grade key\nsizes, which could then be broken by sufficient pre-computation. This can\nlead to a passive man-in-the-middle attack in which the attacker is able to\ndecrypt all traffic. (CVE-2015-4000)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of\ninput data. A remote attacker could use this flaw to crash an application\nusing OpenSSL or, possibly, execute arbitrary code with the permissions of\nthe user running that application. (CVE-2016-2105)\n\n* An integer overflow flaw, leading to a buffer overflow, was found in the\nway the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts\nof input data. A remote attacker could use this flaw to crash an\napplication using OpenSSL or, possibly, execute arbitrary code with the\npermissions of the user running that application. (CVE-2016-2106)\n\n* It was discovered that it is possible to remotely Segfault Apache http\nserver with a specially crafted string sent to the mod_cluster via service\nmessages (MCMP). (CVE-2016-3110)\n\n* A denial of service flaw was found in the way OpenSSL parsed certain\nASN.1-encoded data from BIO (OpenSSL\u0027s I/O abstraction) inputs. An\napplication using OpenSSL that accepts untrusted ASN.1 BIO input could be\nforced to allocate an excessive amount of data. (CVE-2016-2109)\n\n* It was discovered that specifying configuration with a JVMRoute path\nlonger than 80 characters will cause segmentation fault leading to a server\ncrash. (CVE-2016-4459)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for\nreporting CVE-2016-3110. The CVE-2016-4459 issue was discovered by Robert\nBost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno\nBAPck, and David Benjamin (Google) as the original reporters of\nCVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105\nand CVE-2016-2106. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks\n1243887 - CVE-2015-3183 httpd: HTTP request smuggling attack against chunked request parser\n1288322 - CVE-2015-3195 OpenSSL: X509_ATTRIBUTE memory leak\n1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server\n1330101 - CVE-2016-2109 openssl: ASN.1 BIO handling of large amounts of data\n1331402 - CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder\n1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow\n1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow\n1341583 - CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute\n1345989 - RHEL7 RPMs: Upgrade mod_cluster-native to 1.2.13.Final-redhat-1\n1345993 - RHEL7 RPMs: Upgrade mod_jk to 1.2.41.redhat-1\n1345997 - RHEL7 RPMs: Upgrade tomcat-native to 1.1.34\n\n6. Package List:\n\nRed Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server:\n\nSource:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.src.rpm\nhttpd22-2.2.26-56.ep6.el7.src.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.src.rpm\nmod_jk-1.2.41-2.redhat_4.ep6.el7.src.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.src.rpm\n\nnoarch:\njbcs-httpd24-1-3.jbcs.el7.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el7.noarch.rpm\n\nppc64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\nhttpd22-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.ppc64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.ppc64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.ppc64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.ppc64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.ppc64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.ppc64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.ppc64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.ppc64.rpm\n\nx86_64:\nhornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhornetq-native-debuginfo-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\nhttpd22-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-debuginfo-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-devel-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-manual-2.2.26-56.ep6.el7.x86_64.rpm\nhttpd22-tools-2.2.26-56.ep6.el7.x86_64.rpm\njbcs-httpd24-openssl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.0.2h-4.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.0.2h-4.jbcs.el7.x86_64.rpm\njbossas-hornetq-native-2.3.25-4.SP11_redhat_1.ep6.el7.x86_64.rpm\njbossas-jbossweb-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\nmod_jk-ap22-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_jk-debuginfo-1.2.41-2.redhat_4.ep6.el7.x86_64.rpm\nmod_ldap22-2.2.26-56.ep6.el7.x86_64.rpm\nmod_ssl22-2.2.26-56.ep6.el7.x86_64.rpm\ntomcat-native-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\ntomcat-native-debuginfo-1.1.34-5.redhat_1.ep6.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-3183\nhttps://access.redhat.com/security/cve/CVE-2015-3195\nhttps://access.redhat.com/security/cve/CVE-2015-4000\nhttps://access.redhat.com/security/cve/CVE-2016-2105\nhttps://access.redhat.com/security/cve/CVE-2016-2106\nhttps://access.redhat.com/security/cve/CVE-2016-2108\nhttps://access.redhat.com/security/cve/CVE-2016-2109\nhttps://access.redhat.com/security/cve/CVE-2016-3110\nhttps://access.redhat.com/security/cve/CVE-2016-4459\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/2688611\nhttps://access.redhat.com/solutions/222023\nhttps://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2016 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFX/nCuXlSAg2UNWIIRAq6gAKCk3O4+LVrC6nN6yUHOOzpm8GB7NQCcDcA0\nn7n6E5uqbAY0W1AG5Z+9yy8=\n=6ET2\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update\n2016-002\n\nOS X El Capitan 10.11.4 and Security Update 2016-002 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1733 : Proteas of Qihoo 360 Nirvan Team\n\nAppleRAID\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1732 : Proteas of Qihoo 360 Nirvan Team\n\nAppleUSBNetworking\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue existed in the parsing of\ndata from USB devices. This issue was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1734 : Andrea Barisani and Andrej Rosano of Inverse Path\n\nBluetooth\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1735 : Jeonghoon Shin@A.D.D\nCVE-2016-1736 : beist and ABH of BoB\n\nCarbon\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .dfont file may lead to\narbitrary code execution\nDescription:  Multiple memory corruption issues existed in the\nhandling of font files. These issues were addressed through improved\nbounds checking. \nCVE-ID\nCVE-2016-1737 : an anonymous researcher\n\ndyld\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker may tamper with code-signed applications to\nexecute arbitrary code in the application\u0027s context\nDescription:  A code signing verification issue existed in dyld. This\nissue was addressed with improved validation. \nCVE-ID\nCVE-2016-1738 : beist and ABH of BoB\n\nFontParser\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Opening a maliciously crafted PDF file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with\nTrend Micro\u0027s Zero Day Initiative (ZDI)\n\nHTTPProtocol\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to execute arbitrary code\nDescription:  Multiple vulnerabilities existed in nghttp2 versions\nprior to 1.6.0, the most serious of which may have led to remote code\nexecution. These were addressed by updating nghttp2 to version 1.6.0. \nCVE-ID\nCVE-2015-8659\n\nIntel Graphics Driver\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1743 : Piotr Bania of Cisco Talos\nCVE-2016-1744 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to cause a denial of service\nDescription:  A null pointer dereference was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1745 : sweetchip of Grayhash\n\nIOGraphics\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A memory corruption issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1746 : Peter Pi of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\nCVE-2016-1747 : Juwei Lin of Trend Micro working with Trend Micro\u0027s\nZero Day Initiative (ZDI)\n\nIOHIDFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  A memory corruption issue was addressed through\nimproved memory handling. \nCVE-ID\nCVE-2016-1748 : Brandon Azad\n\nIOUSBFamily\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1749 : Ian Beer of Google Project Zero and Juwei Lin of\nTrend Micro working with Trend Micro\u0027s Zero Day Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A use after free issue was addressed through improved\nmemory management. \nCVE-ID\nCVE-2016-1750 : CESG\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A race condition existed during the creation of new\nprocesses. This was addressed through improved state handling. \nCVE-ID\nCVE-2016-1757 : Ian Beer of Google Project Zero and Pedro Vilaca\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  A null pointer dereference was addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1756 : Lufeng Li of Qihoo 360 Vulcan Team\n\nKernel\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2016-1755 : Ian Beer of Google Project Zero\nCVE-2016-1759 : lokihardt\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to determine kernel memory layout\nDescription:  An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed through improved\ninput validation. \nCVE-ID\nCVE-2016-1758 : Brandon Azad\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple integer overflows were addressed through\nimproved input validation. \nCVE-ID\nCVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro\u0027s Zero\nDay Initiative (ZDI)\n\nKernel\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to cause a denial of service\nDescription:  A denial of service issue was addressed through\nimproved validation. \nCVE-ID\nCVE-2016-1752 : CESG\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing maliciously crafted XML may lead to unexpected\napplication termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-1819\nCVE-2015-5312 : David Drysdale of Google\nCVE-2015-7499\nCVE-2015-7500 : Kostya Serebryany of Google\nCVE-2015-7942 : Kostya Serebryany of Google\nCVE-2015-8035 : gustavo.grieco\nCVE-2015-8242 : Hugh Davenport\nCVE-2016-1761 : wol0xff working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\nCVE-2016-1762\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker who is able to bypass Apple\u0027s certificate\npinning, intercept TLS connections, inject messages, and record\nencrypted attachment-type messages may be able to read attachments\nDescription:  A cryptographic issue was addressed by rejecting\nduplicate messages on the client. \nCVE-ID\nCVE-2016-1788 : Christina Garman, Matthew Green, Gabriel Kaptchuk,\nIan Miers, and Michael Rushanan of Johns Hopkins University\n\nMessages\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a JavaScript link can reveal sensitive user\ninformation\nDescription:  An issue existed in the processing of JavaScript links. \nThis issue was addressed through improved content security policy\nchecks. \nCVE-ID\nCVE-2016-1764 : Matthew Bryan of the Uber Security Team (formerly of\nBishop Fox), Joe DeMesy and Shubham Shah of Bishop Fox\n\nNVIDIA Graphics Drivers\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An application may be able to execute arbitrary code with\nkernel privileges\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1741 : Ian Beer of Google Project Zero\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Connecting to a server may leak sensitive user information,\nsuch as a client\u0027s private keys\nDescription:  Roaming, which was on by default in the OpenSSH client,\nexposed an information leak and a buffer overflow. These issues were\naddressed by disabling roaming in the client. \nCVE-ID\nCVE-2016-0777 : Qualys\nCVE-2016-0778 : Qualys\n\nOpenSSH\nAvailable for:  OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact:  Multiple vulnerabilities in LibreSSL\nDescription:  Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333 : Qualys\nCVE-2015-5334 : Qualys\n\nOpenSSL\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A memory leak existed in OpenSSL versions prior to\n0.9.8zh. This issue was addressed by updating OpenSSL to version\n0.9.8zh. \nCVE-ID\nCVE-2015-3195\n\nPython\nAvailable for:  OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nand OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by updating libpng to version\n1.6.20. \nCVE-ID\nCVE-2014-9495\nCVE-2015-0973\nCVE-2015-8126 : Adam Mari\u0161\nCVE-2015-8472 : Adam Mari\u0161\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted FlashPix Bitmap Image may\nlead to unexpected application termination or arbitrary code\nexecution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1767 : Francis Provencher from COSIG\nCVE-2016-1768 : Francis Provencher from COSIG\n\nQuickTime\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted Photoshop document may lead\nto unexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2016-1769 : Francis Provencher from COSIG\n\nReminders\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Clicking a tel link can make a call without prompting the\nuser\nDescription:  A user was not prompted before invoking a call. This\nwas addressed through improved entitlement checks. \nCVE-ID\nCVE-2016-1770 : Guillaume Ross of Rapid7 and Laurent Chouinard of\nLaurent.ca\n\nRuby\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription:  An unsafe tainted string usage vulnerability existed in\nversions prior to 2.0.0-p648. This issue was addressed by updating to\nversion 2.0.0-p648. \nCVE-ID\nCVE-2015-7551\n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  A local user may be able to check for the existence of\narbitrary files\nDescription:  A permissions issue existed in code signing tools. This\nwas addressed though additional ownership checks. \nCVE-ID\nCVE-2016-1773 : Mark Mentovai of Google Inc. \n\nSecurity\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the ASN.1 decoder. \nThis issue was addressed through improved input validation. \nCVE-ID\nCVE-2016-1950 : Francis Gabriel of Quarkslab\n\nTcl\nAvailable for:  \nOS X Yosemite v10.10.5 and OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted .png file may lead to\narbitrary code execution\nDescription:  Multiple vulnerabilities existed in libpng versions\nprior to 1.6.20. These were addressed by removing libpng. \nCVE-ID\nCVE-2015-8126 : Adam Mari\u0161\n\nTrueTypeScaler\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2016-1775 : 0x1byte working with Trend Micro\u0027s Zero Day\nInitiative (ZDI)\n\nWi-Fi\nAvailable for:  OS X El Capitan v10.11 to v10.11.3\nImpact:  An attacker with a privileged network position may be able\nto execute arbitrary code\nDescription:  A frame validation and memory corruption issue existed\nfor a given ethertype. This issue was addressed through additional\nethertype validation and improved memory handling. \nCVE-ID\nCVE-2016-0801 : an anonymous researcher\nCVE-2016-0802 : an anonymous researcher\n\nOS X El Capitan 10.11.4 includes the security content of Safari 9.1. \nhttps://support.apple.com/kb/HT206171\n\nOS X El Capitan v10.11.4 and Security Update 2016-002 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJW8JQFAAoJEBcWfLTuOo7tZSYP/1bHFA1qemkD37uu7nYpk/q6\nARVsPgME1I1+5tOxX0TQJgzMBmdQsKYdsTiLpDk5HTuv+dAMsFfasaUItGk8Sz1w\nHiYjSfVsxL+Pjz3vK8/4/fsi2lX6472MElRw8gudITOhXtniGcKo/vuA5dB+vM3l\nJy1NLHHhZ6BD2t0bBmlz41mZMG3AMxal2wfqE+5LkjUwASzcvC/3B1sh7Fntwyau\n/71vIgMQ5AaETdgQJAuQivxPyTlFduBRgLjqvPiB9eSK4Ctu5t/hErFIrP2NiDCi\nUhfZC48XbiRjJfkUsUD/5TIKnI+jkZxOnch9ny32dw2kUIkbIAbqufTkzsMXOpng\nO+rI93Ni7nfzgI3EkI2bq+C+arOoRiveWuJvc3SMPD5RQHo4NCQVs0ekQJKNHF78\njuPnY29n8WMjwLS6Zfm+bH+n8ELIXrmmEscRztK2efa9S7vJe+AgIxx7JE/f8OHF\ni9K7UQBXFXcpMjXi1aTby/IUnpL5Ny4NVwYwIhctj0Mf6wTH7uf/FMWYIQOXcIfP\nIzo+GXxNeLd4H2ypZ+UpkZg/Sn2mtCd88wLc96+owlZPBlSqWl3X1wTlp8i5FP2X\nqlQ7RcTHJDv8jPT/MOfzxEK1n/azp45ahHA0o6nohUdxlA7PLci9vPiJxqKPo/0q\nVZmOKa8qMxB1L/JmdCqy\n=mZR+\n-----END PGP SIGNATURE-----\n. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). (CVE-2014-8176,\nCVE-2015-0209, CVE-2015-0286, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196,\nCVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799,\nCVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,\nCVE-2016-2177, CVE-2016-2178, CVE-2016-2842)\n\n* This update fixes several flaws in libxml2. (CVE-2016-1762,\nCVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837,\nCVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705,\nCVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483)\n\n* This update fixes three flaws in curl. (CVE-2016-5419, CVE-2016-5420,\nCVE-2016-7141)\n\n* This update fixes two flaws in httpd. (CVE-2014-3523, CVE-2015-3185)\n\n* This update fixes two flaws in mod_cluster. (CVE-2016-4459,\nCVE-2016-8612)\n\n* A buffer overflow flaw when concatenating virtual host names and URIs was\nfixed in mod_jk. (CVE-2016-6808)\n\n* A memory leak flaw was fixed in expat. \n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. JIRA issues fixed (https://issues.jboss.org/):\n\nJBCS-50 - CVE-2012-1148 CVE-2012-0876 expat: various flaws [jbews-3.0.0]\nJBCS-95 - CVE-2014-3523 httpd: WinNT MPM denial of service\n\n6. 5 client) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. The Common Vulnerabilities and Exposures project\nidentifies the following issues:\n\nCVE-2015-3194\n\n    Loic Jonas Etienne of Qnective AG discovered that the signature\n    verification routines will crash with a NULL pointer dereference if\n    presented with an ASN.1 signature using the RSA PSS algorithm and\n    absent mask generation function parameter. A remote attacker can\n    exploit this flaw to crash any certificate verification operation\n    and mount a denial of service attack. \n\nCVE-2015-3196\n\n    A race condition flaw in the handling of PSK identify hints was\n    discovered, potentially leading to a double free of the identify\n    hint data. \n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 1.0.1e-2+deb7u18. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.0.1k-3+deb8u2. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.0.2e-1 or earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      }
    ],
    "trust": 3.06
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3195",
        "trust": 4.0
      },
      {
        "db": "BID",
        "id": "91787",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "78626",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10733",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10761",
        "trust": 1.8
      },
      {
        "db": "JUNIPER",
        "id": "JSA10759",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1034294",
        "trust": 1.8
      },
      {
        "db": "SIEMENS",
        "id": "SSA-412672",
        "trust": 1.8
      },
      {
        "db": "PULSESECURE",
        "id": "SA40100",
        "trust": 1.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95113540",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU97668313",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.0696",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "134783",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156",
        "trust": 0.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-349-21",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "141239",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "137292",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139114",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "136346",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "139116",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "140182",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "134632",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "id": "VAR-201512-0484",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-07-23T20:40:42.235000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht206167"
      },
      {
        "title": "HT206167",
        "trust": 0.8,
        "url": "https://support.apple.com/ja-jp/ht206167"
      },
      {
        "title": "HPSBMU03590",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "title": "HPSBMU03611",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05150888"
      },
      {
        "title": "HPSBMU03612",
        "trust": 0.8,
        "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05158380"
      },
      {
        "title": "Release Strategy",
        "trust": 0.8,
        "url": "https://www.openssl.org/policies/releasestrat.html"
      },
      {
        "title": "OpenSSL 1.0.2 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
      },
      {
        "title": "OpenSSL 1.0.1 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.1-notes.html"
      },
      {
        "title": "OpenSSL 1.0.0 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-1.0.0-notes.html"
      },
      {
        "title": "OpenSSL 0.9.8 Series Release Notes",
        "trust": 0.8,
        "url": "https://www.openssl.org/news/openssl-0.9.8-notes.html"
      },
      {
        "title": "Fix leak with ASN.1 combine.",
        "trust": 0.8,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "title": "X509_ATTRIBUTE memory leak (CVE-2015-3195)",
        "trust": 0.8,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - July 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujul2016verbose-2881721.html"
      },
      {
        "title": "Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "title": "Oracle Linux Bulletin - October 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "title": "Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "January 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
      },
      {
        "title": "October 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
      },
      {
        "title": "July 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/july_2016_critical_patch_update"
      },
      {
        "title": "TLSA-2015-20",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2015/tlsa-2015-20j.html"
      },
      {
        "title": "Patch for OpenSSL X509_ATTRIBUTE Structure Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67698"
      },
      {
        "title": "OpenSSL ASN1_TFLG_COMBINE Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=58937"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152616 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: openssl security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152617 - security advisory"
      },
      {
        "title": "Red Hat: CVE-2015-3195",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2015-3195"
      },
      {
        "title": "Debian Security Advisories: DSA-3413-1 openssl -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=82bedc073c0f22b408ebaf092ed8621c"
      },
      {
        "title": "Ubuntu Security Notice: openssl vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2830-1"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-614",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-614"
      },
      {
        "title": "Tenable Security Advisories: [R7] OpenSSL \u002720151203\u0027 Advisory Affects Tenable SecurityCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=tns-2016-01"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20151204-openssl"
      },
      {
        "title": "Forcepoint Security Advisories: CVE-2015-3194, 3195, 3196 -- Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories\u0026qid=62ab21cc073446940abce12c35db3049"
      },
      {
        "title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20162957 - security advisory"
      },
      {
        "title": "Symantec Security Advisories: SA105 : OpenSSL Vulnerabilities 3-Dec-2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=a924415f718a299b2d1e8046890941f3"
      },
      {
        "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=435ed9abc2fb1e74ce2a69605a01e326"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8"
      },
      {
        "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=6c15273f6bf4a785175f27073b98a1ce"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2017",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=2f446a7e1ea263c0c3a365776c6713f2"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - July 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=3a04485ebb79f7fbc2472bf9af5ce489"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.debian.org/security/2015/dsa-3413"
      },
      {
        "trust": 1.9,
        "url": "http://openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2616.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2056.html"
      },
      {
        "trust": 1.9,
        "url": "http://rhn.redhat.com/errata/rhsa-2016-2957.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/78626"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/91787"
      },
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151204-openssl"
      },
      {
        "trust": 1.8,
        "url": "http://fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.fortiguard.com/advisory/openssl-advisory-december-2015"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
      },
      {
        "trust": 1.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04944173"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05111017"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05131085"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05150888"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05158380"
      },
      {
        "trust": 1.8,
        "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05398322"
      },
      {
        "trust": 1.8,
        "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa40100"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht206167"
      },
      {
        "trust": 1.8,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-december/173801.html"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-2617.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1034294"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00017.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00087.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00103.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html"
      },
      {
        "trust": 1.8,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.ubuntu.com/usn/usn-2830-1"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=145382583417444\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10761"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10759"
      },
      {
        "trust": 1.7,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2015\u0026m=slackware-security.754583"
      },
      {
        "trust": 1.7,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10733"
      },
      {
        "trust": 1.1,
        "url": "https://git.openssl.org/?p=openssl.git%3ba=commit%3bh=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95113540/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97668313"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3195"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3195"
      },
      {
        "trust": 0.7,
        "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d"
      },
      {
        "trust": 0.6,
        "url": "https://www.openssl.org/news/secadv/20151203.txt"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3194"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2015-3195"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3196"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2109"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2106"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-4459"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2108"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2105"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2016-2108"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.2,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8035"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0799"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2688611"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/solutions/222023"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4459"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4000"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2015-3183"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-3110"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=6.4"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10733"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10759"
      },
      {
        "trust": 0.1,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10761"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=145382583417444\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026amp;y=2015\u0026amp;m=slackware-security.754583"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2015:2616"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2015-3195"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2830-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42530"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05398322"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3193"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1794"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7995"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2007-6750"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1790"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1792"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131085"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1791"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2015"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0728"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7501"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05111017"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4969"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05131044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6565"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3508"
      },
      {
        "trust": 0.1,
        "url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05130958"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3509"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3511"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/info/insightcontrol"
      },
      {
        "trust": 0.1,
        "url": "https://rhn.redhat.com/errata/rhsa-2016-2054.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6.4/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0777"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8659"
      },
      {
        "trust": 0.1,
        "url": "https://gpgtools.org"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8472"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7499"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0801"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8242"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8126"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht206171"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1732"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7942"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7500"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9495"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1734"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5334"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1733"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1736"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1735"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0778"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5333"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0802"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1738"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1737"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0973"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
      },
      {
        "trust": 0.1,
        "url": "https://issues.jboss.org/):"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4448"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-6808"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en/red-hat-jboss-core-services-apache-http-server/version-2.4.23/apache-http-server-2423-release-notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2107"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2177"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4483"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-3523"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2842"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-8612"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3185"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3194"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=distributions\u0026version=2.4.23"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8176"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1840"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1836"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4449"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1762"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5420"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-2178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-3627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2012-1148"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1837"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1839"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5419"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-0209"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0702"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-3216"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1838"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1833"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1834"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-4447"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-7141"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2015-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2015-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2017-02-23T17:10:09",
        "db": "PACKETSTORM",
        "id": "141239"
      },
      {
        "date": "2016-06-02T19:12:12",
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "date": "2016-10-12T20:16:45",
        "db": "PACKETSTORM",
        "id": "139114"
      },
      {
        "date": "2016-03-22T15:18:02",
        "db": "PACKETSTORM",
        "id": "136346"
      },
      {
        "date": "2016-10-12T23:44:55",
        "db": "PACKETSTORM",
        "id": "139116"
      },
      {
        "date": "2016-12-16T16:34:49",
        "db": "PACKETSTORM",
        "id": "140182"
      },
      {
        "date": "2015-12-14T16:40:07",
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "date": "2015-12-04T17:22:00",
        "db": "PACKETSTORM",
        "id": "134632"
      },
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2015-12-06T20:59:05.973000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-07T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07950"
      },
      {
        "date": "2022-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81156"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-3195"
      },
      {
        "date": "2016-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      },
      {
        "date": "2022-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      },
      {
        "date": "2023-11-07T02:25:31.687000",
        "db": "NVD",
        "id": "CVE-2015-3195"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "137292"
      },
      {
        "db": "PACKETSTORM",
        "id": "134783"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OpenSSL of  crypto/asn1/tasn_dec.c of  ASN1_TFLG_COMBINE Vulnerability in the implementation of critical information obtained from process memory",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006116"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-075"
      }
    ],
    "trust": 0.6
  }
}

cve-2024-32117
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-12 20:28
Summary
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32117",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:28:37.757904Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:28:55.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 \u0026 FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:50.491Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-115"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-32117",
    "datePublished": "2024-11-12T18:53:50.491Z",
    "dateReserved": "2024-04-11T12:09:46.570Z",
    "dateUpdated": "2024-11-12T20:28:55.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44253
Vulnerability from cvelistv5
Published
2024-02-15 13:59
Modified
2024-08-23 20:42
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-268",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-268"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-25j8-69h7-83h2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44253",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-23T20:42:16.354603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-23T20:42:24.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-15T13:59:24.262Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-268",
          "url": "https://fortiguard.com/psirt/FG-IR-23-268"
        },
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-25j8-69h7-83h2"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44253",
    "datePublished": "2024-02-15T13:59:24.262Z",
    "dateReserved": "2023-09-27T12:26:48.750Z",
    "dateUpdated": "2024-08-23T20:42:24.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17657
Vulnerability from cvelistv5
Published
2020-04-07 17:11
Modified
2024-10-25 14:25
Severity ?
Summary
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
References
https://fortiguard.com/psirt/FG-IR-19-013x_refsource_CONFIRM
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:13.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-19-013"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-17657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:09:50.087531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:25:34.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiSwitch",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "below 3.6.11"
            },
            {
              "status": "affected",
              "version": "6.0.6 and 6.2.2"
            }
          ]
        },
        {
          "product": "FortiAnalyzer",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "below 6.2.3"
            }
          ]
        },
        {
          "product": "FortiManager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "below 6.2.3"
            }
          ]
        },
        {
          "product": "FortiAP-S/W2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "below 6.2.2"
            }
          ]
        }
      ],
      "datePublic": "2020-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-07T17:11:07",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-19-013"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-17657",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiSwitch",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "below 3.6.11"
                          },
                          {
                            "version_value": "6.0.6 and 6.2.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "below 6.2.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "below 6.2.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FortiAP-S/W2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "below 6.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-19-013",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-19-013"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-17657",
    "datePublished": "2020-04-07T17:11:07",
    "dateReserved": "2019-10-16T00:00:00",
    "dateUpdated": "2024-10-25T14:25:34.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-33505
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-12 20:54
Summary
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:54:33.794284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:54:41.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:56.870Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-125"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAP-U version 7.0.4 or above \nPlease upgrade to FortiClient (all) version 7.4.0 or above \nPlease upgrade to FortiClient (all) version 7.2.5 or above \nPlease upgrade to FortiClient (all) version 7.0.13 or above \nPlease upgrade to FortiManager Cloud version 7.4.3 or above \nPlease upgrade to FortiManager Cloud version 7.2.7 or above \nPlease upgrade to FortiAP version 7.6.0 or above \nPlease upgrade to FortiAP version 7.4.3 or above \nPlease upgrade to FortiClientEMS version 7.2.7 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.4.3 or above \nPlease upgrade to FortiAnalyzer Cloud version 7.2.7 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-33505",
    "datePublished": "2024-11-12T18:53:56.870Z",
    "dateReserved": "2024-04-23T14:18:29.830Z",
    "dateUpdated": "2024-11-12T20:54:41.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38377
Vulnerability from cvelistv5
Published
2022-11-25 15:47
Modified
2024-10-22 20:52
Summary
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:54:03.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-20-143",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-20-143"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38377",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:55.318018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:52:08.654Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.9",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.11",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T15:47:41.422Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-20-143",
          "url": "https://fortiguard.com/psirt/FG-IR-20-143"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.2.1 or above\r\nPlease upgrade to FortiManager version 7.0.4 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\n\r\nPlease upgrade to FortiAnalyzer version 7.2.1 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 7.0.4 or above\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-38377",
    "datePublished": "2022-11-25T15:47:41.422Z",
    "dateReserved": "2022-08-16T14:17:48.479Z",
    "dateUpdated": "2024-10-22T20:52:08.654Z",
    "requesterUserId": "a0475cc0-be89-4a25-97b3-d1b8023a8677",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-8495
Vulnerability from cvelistv5
Published
2017-02-13 15:00
Modified
2024-10-25 14:40
Severity ?
Summary
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
References
http://www.securitytracker.com/id/1037805vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-16-055x_refsource_CONFIRM
http://www.securityfocus.com/bid/96157vdb-entry, x_refsource_BID
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:39.640Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-16-055"
          },
          {
            "name": "96157",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96157"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2016-8495",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:04:11.896573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:40:29.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.6 to 5.2.7"
            },
            {
              "status": "affected",
              "version": "5.4.0 to 5.4.1"
            }
          ]
        }
      ],
      "datePublic": "2017-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Credentials exposure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1037805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-16-055"
        },
        {
          "name": "96157",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96157"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2016-8495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.6 to 5.2.7"
                          },
                          {
                            "version_value": "5.4.0 to 5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Credentials exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037805",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037805"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-16-055",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-16-055"
            },
            {
              "name": "96157",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96157"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2016-8495",
    "datePublished": "2017-02-13T15:00:00",
    "dateReserved": "2016-10-07T00:00:00",
    "dateUpdated": "2024-10-25T14:40:29.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-47575
Vulnerability from cvelistv5
Published
2024-10-23 15:03
Modified
2024-11-07 07:41
Summary
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests.
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47575",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T13:09:25.059197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-10-23",
                "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T13:09:29.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "lessThanOrEqual": "7.4.4",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T07:41:45.283Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-423"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager Cloud version 7.6.2 or above \nPlease upgrade to FortiManager Cloud version 7.4.5 or above \nPlease upgrade to FortiManager Cloud version 7.2.8 or above \nPlease upgrade to FortiManager Cloud version 7.0.13 or above \nPlease upgrade to FortiManager version 7.6.1 or above \nPlease upgrade to FortiManager version 7.4.5 or above \nPlease upgrade to FortiManager version 7.2.8 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiManager version 6.2.13 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-47575",
    "datePublished": "2024-10-23T15:03:48.798Z",
    "dateReserved": "2024-09-27T16:19:24.137Z",
    "dateUpdated": "2024-11-07T07:41:45.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27490
Vulnerability from cvelistv5
Published
2023-03-07 16:04
Modified
2024-10-22 20:48
Summary
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-18-232",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-18-232"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:24.164388Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:48:18.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.9",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.8",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.6",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.1.2",
              "status": "affected",
              "version": "5.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.3",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.2.2",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.2",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSwitch",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.4",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.7",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-07T16:04:57.843Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-18-232",
          "url": "https://fortiguard.com/psirt/FG-IR-18-232"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to FortiManager\u00a0version 6.0.5\u00a0and above,\nUpgrade to FortiManager\u00a0version 6.2.0\u00a0and above.\nUpgrade to FortiAnalyzer version 6.0.5\u00a0and above,\nUpgrade to FortiAnalyzer version 6.2.0\u00a0and above.\nUpgrade to FortiPortal\u00a0version 6.0.10\u00a0and above.\nUpgrade to FortiSwitch version 6.4.11 and above,\nUpgrade to FortiSwitch version 7.0.5 and above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27490",
    "datePublished": "2023-03-07T16:04:57.843Z",
    "dateReserved": "2022-03-21T16:03:48.576Z",
    "dateUpdated": "2024-10-22T20:48:18.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41842
Vulnerability from cvelistv5
Published
2024-03-12 15:09
Modified
2024-08-12 18:09
Summary
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:49.300Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-304",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-304"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.9",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.14",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.2.12",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortianalyzer",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.14",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.2.12",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "fortiportal",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.0.14",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "5.3.8",
                "status": "affected",
                "version": "5.3.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-22T14:15:41.817688Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T18:09:17.558Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.8",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and  Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-12T15:09:16.279Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-304",
          "url": "https://fortiguard.com/psirt/FG-IR-23-304"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.10 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.10 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiPortal version 7.0.0 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-41842",
    "datePublished": "2024-03-12T15:09:16.279Z",
    "dateReserved": "2023-09-04T08:12:52.814Z",
    "dateUpdated": "2024-08-12T18:09:17.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-7363
Vulnerability from cvelistv5
Published
2016-10-07 14:00
Modified
2024-08-06 07:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:43:46.315Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036981",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036981"
          },
          {
            "name": "1036982",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036982"
          },
          {
            "name": "93413",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93413"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1036981",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036981"
        },
        {
          "name": "1036982",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036982"
        },
        {
          "name": "93413",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93413"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-7363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036981",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036981"
            },
            {
              "name": "1036982",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036982"
            },
            {
              "name": "93413",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93413"
            },
            {
              "name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-7363",
    "datePublished": "2016-10-07T14:00:00",
    "dateReserved": "2015-09-25T00:00:00",
    "dateUpdated": "2024-08-06T07:43:46.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-33506
Vulnerability from cvelistv5
Published
2024-10-08 14:19
Modified
2024-10-08 16:00
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests.
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T16:00:39.284052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T16:00:49.740Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to access device summary of unauthorized ADOMs via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T14:19:03.883Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-472",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-472"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-33506",
    "datePublished": "2024-10-08T14:19:03.883Z",
    "dateReserved": "2024-04-23T14:18:29.830Z",
    "dateUpdated": "2024-10-08T16:00:49.740Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-24006
Vulnerability from cvelistv5
Published
2021-09-06 18:56
Modified
2024-10-25 13:50
Summary
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
References
https://fortiguard.com/advisory/FG-IR-20-061x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-061"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-24006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:19.648147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:50:43.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.4.0 to 6.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-06T18:56:19",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-061"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-24006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.4.0 to 6.4.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "Low",
            "baseScore": 6.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-061",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-061"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-24006",
    "datePublished": "2021-09-06T18:56:19",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-10-25T13:50:43.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12811
Vulnerability from cvelistv5
Published
2020-09-24 13:36
Modified
2024-10-25 14:00
Severity ?
Summary
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
References
https://fortiguard.com/advisory/FG-IR-20-005x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.888Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-005"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-12811",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:59:07.086026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:00:35.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 ; FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T13:36:12",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-12811",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 ; FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-005",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-12811",
    "datePublished": "2020-09-24T13:36:12",
    "dateReserved": "2020-05-12T00:00:00",
    "dateUpdated": "2024-10-25T14:00:35.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3612
Vulnerability from cvelistv5
Published
2020-02-04 19:21
Modified
2024-08-06 05:47
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T19:24:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "http://www.securityfocus.com/bid/74444",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "http://www.securitytracker.com/id/1032188",
              "refsource": "MISC",
              "url": "http://www.securitytracker.com/id/1032188"
            },
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "MISC",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3612",
    "datePublished": "2020-02-04T19:21:15",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44249
Vulnerability from cvelistv5
Published
2023-10-10 16:48
Modified
2024-08-02 19:59
Summary
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-201",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-201"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authorization bypass through user-controlled key\u00a0[CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:48:38.122Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-201",
          "url": "https://fortiguard.com/psirt/FG-IR-23-201"
        },
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44249",
    "datePublished": "2023-10-10T16:48:38.122Z",
    "dateReserved": "2023-09-27T12:26:48.750Z",
    "dateUpdated": "2024-08-02T19:59:51.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44256
Vulnerability from cvelistv5
Published
2023-10-20 09:04
Modified
2024-09-12 14:30
Summary
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:59:51.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-19-039",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-19-039"
          },
          {
            "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh",
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortianalyzer",
            "vendor": "fortinet",
            "versions": [
              {
                "status": "affected",
                "version": "7.4.0"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.2",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.4.13",
                "status": "affected",
                "version": "6.4.8",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "status": "affected",
                "version": "7.4.0"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44256",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-12T14:18:34.268176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T14:30:39.261Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T09:04:52.906Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-19-039",
          "url": "https://fortiguard.com/psirt/FG-IR-19-039"
        },
        {
          "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh",
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44256",
    "datePublished": "2023-10-20T09:04:52.906Z",
    "dateReserved": "2023-09-27T12:26:48.751Z",
    "dateUpdated": "2024-09-12T14:30:39.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-47542
Vulnerability from cvelistv5
Published
2024-04-09 14:24
Modified
2024-08-02 21:09
Summary
A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.2.4",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.0.10",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47542",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T04:01:15.993437Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T18:16:11.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:09:37.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-419",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1336",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-09T14:24:24.616Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-419",
          "url": "https://fortiguard.com/psirt/FG-IR-23-419"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.11 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-47542",
    "datePublished": "2024-04-09T14:24:24.616Z",
    "dateReserved": "2023-11-06T10:35:25.828Z",
    "dateUpdated": "2024-08-02T21:09:37.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-43072
Vulnerability from cvelistv5
Published
2023-07-18 00:01
Modified
2024-09-17 14:05
Summary
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-43072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T18:40:02.770628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T18:40:17.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:47:13.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/advisory/FG-IR-21-206",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-206"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.11",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T14:05:39.988Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/advisory/FG-IR-21-206",
          "url": "https://fortiguard.com/advisory/FG-IR-21-206"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.0.3 or above \nPlease upgrade to FortiAnalyzer version 6.4.8 or above \nPlease upgrade to FortiManager version 7.0.3 or above \nPlease upgrade to FortiManager version 6.4.8 or above \nPlease upgrade to FortiOS version 7.2.0 or above \nPlease upgrade to FortiOS version 7.0.6 or above \nPlease upgrade to FortiProxy version 7.0.4 or above \nPlease upgrade to FortiProxy version 2.0.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-43072",
    "datePublished": "2023-07-18T00:01:04.306Z",
    "dateReserved": "2021-10-28T21:06:26.047Z",
    "dateUpdated": "2024-09-17T14:05:39.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26118
Vulnerability from cvelistv5
Published
2022-07-18 16:40
Modified
2024-10-25 13:30
Summary
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
References
https://fortiguard.com/psirt/FG-IR-21-056x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-056"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:26.918921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:30:41.578Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager , FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:52",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-056"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-26118",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager , FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3; FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-056",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-056"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26118",
    "datePublished": "2022-07-18T16:40:52",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-25T13:30:41.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27483
Vulnerability from cvelistv5
Published
2022-07-18 16:40
Modified
2024-10-25 13:30
Summary
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.
References
https://fortiguard.com/psirt/FG-IR-22-049x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:57.798Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-049"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-27483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:28.395045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:30:52.271Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-18T16:40:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-22-049"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-27483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiAnalyzer 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-22-049",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-22-049"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-27483",
    "datePublished": "2022-07-18T16:40:20",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-10-25T13:30:52.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3613
Vulnerability from cvelistv5
Published
2020-02-04 19:28
Modified
2024-08-06 05:47
Severity ?
Summary
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T19:28:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "http://www.securityfocus.com/bid/74444",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "http://www.securitytracker.com/id/1032188",
              "refsource": "MISC",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3613",
    "datePublished": "2020-02-04T19:28:28",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1355
Vulnerability from cvelistv5
Published
2018-06-27 20:00
Modified
2024-10-25 14:09
Severity ?
Summary
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
References
http://www.securityfocus.com/bid/104546vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1041185vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-18-022x_refsource_CONFIRM
http://www.securitytracker.com/id/1041184vdb-entry, x_refsource_SECTRACK
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.991Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104546",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104546"
          },
          {
            "name": "1041185",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-022"
          },
          {
            "name": "1041184",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041184"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1355",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:17.334147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:09:11.290Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.0, 5.6.5 and below versions"
            },
            {
              "status": "affected",
              "version": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"
            }
          ]
        }
      ],
      "datePublic": "2018-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.  An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-27T12:57:02",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "104546",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104546"
        },
        {
          "name": "1041185",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-022"
        },
        {
          "name": "1041184",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041184"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2018-06-27T00:00:00",
          "ID": "CVE-2018-1355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.0, 5.6.5 and below versions"
                          },
                          {
                            "version_value": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.  An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104546",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104546"
            },
            {
              "name": "1041185",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041185"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-022",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-022"
            },
            {
              "name": "1041184",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041184"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1355",
    "datePublished": "2018-06-27T20:00:00Z",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:09:11.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45857
Vulnerability from cvelistv5
Published
2023-01-05 07:37
Modified
2024-10-22 20:50
Summary
An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted.
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:24:03.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-371",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-371"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-45857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:45.615630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:50:54.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.8",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-286",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-05T07:37:57.731Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-371",
          "url": "https://fortiguard.com/psirt/FG-IR-22-371"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.0.2 or above\r\nPlease upgrade to FortiManager version 6.4.8 or above\r\nPlease upgrade to FortiManager version 6.2.9 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-45857",
    "datePublished": "2023-01-05T07:37:57.731Z",
    "dateReserved": "2022-11-23T14:57:05.612Z",
    "dateUpdated": "2024-10-22T20:50:54.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17654
Vulnerability from cvelistv5
Published
2020-03-15 22:20
Modified
2024-10-25 14:26
Severity ?
Summary
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
References
https://fortiguard.com/psirt/FG-IR-19-191x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:47:13.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-19-191"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-17654",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:03:40.280141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:26:07.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.0"
            },
            {
              "status": "affected",
              "version": "6.0.6 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T22:20:58",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-19-191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-17654",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.2.1"
                          },
                          {
                            "version_value": "6.2.0"
                          },
                          {
                            "version_value": "6.0.6 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-19-191",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-19-191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-17654",
    "datePublished": "2020-03-15T22:20:58",
    "dateReserved": "2019-10-16T00:00:00",
    "dateUpdated": "2024-10-25T14:26:07.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42787
Vulnerability from cvelistv5
Published
2023-10-10 16:48
Modified
2024-08-02 19:30
Summary
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-187",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-187"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-8666-j8fr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.9",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A client-side enforcement of server-side security [CWE-602] vulnerability\u00a0in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:48:46.963Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-187",
          "url": "https://fortiguard.com/psirt/FG-IR-23-187"
        },
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-8666-j8fr"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-42787",
    "datePublished": "2023-10-10T16:48:46.963Z",
    "dateReserved": "2023-09-14T08:37:38.657Z",
    "dateUpdated": "2024-08-02T19:30:24.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-6695
Vulnerability from cvelistv5
Published
2019-08-23 20:07
Modified
2024-10-25 14:28
Severity ?
Summary
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
References
https://fortiguard.com/advisory/FG-IR-19-017x_refsource_CONFIRM
Impacted products
n/aFortinet FortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:31:03.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-19-017"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-6695",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:11:01.608708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:28:38.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager all versions below 6.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T16:07:13",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-19-017"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2019-6695",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager all versions below 6.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-19-017",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-19-017"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2019-6695",
    "datePublished": "2019-08-23T20:07:33",
    "dateReserved": "2019-01-23T00:00:00",
    "dateUpdated": "2024-10-25T14:28:38.678Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44255
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-13 18:27
Summary
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:26:57.803174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:27:11.736Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-359",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:53.585Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44255",
    "datePublished": "2024-11-12T18:53:53.585Z",
    "dateReserved": "2023-09-27T12:26:48.750Z",
    "dateUpdated": "2024-11-13T18:27:11.736Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22305
Vulnerability from cvelistv5
Published
2023-09-01 11:43
Modified
2024-09-27 18:40
Summary
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-18-292",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-18-292"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-22305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T18:01:39.754816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:40:07.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.7",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiSandbox",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "4.0.2",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.2.4",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "3.0.7",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.0.1",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.6",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability [CWE-295] in\u00a0FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to\u00a0man-in-the-middle the communication between the listed products and some external peers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-297",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-01T11:43:03.878Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-18-292",
          "url": "https://fortiguard.com/psirt/FG-IR-18-292"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager\u00a0version 7.0.2\u00a0or above.\r\nPlease upgrade to FortiManager\u00a0version 6.4.7\u00a0or above.\n\r\nPlease upgrade to FortiAnalyzer version 7.0.3\u00a0or above.\r\nPlease upgrade to\u00a0FortiAnalyzer version 6.4.8\u00a0or above.\n\r\nPlease upgrade to FortiSandbox version 4.2.0 or above\u00a0\n\r\n\u00a0"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-22305",
    "datePublished": "2023-09-01T11:43:03.878Z",
    "dateReserved": "2022-01-03T09:39:36.530Z",
    "dateUpdated": "2024-09-27T18:40:07.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-35274
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-12 19:59
Summary
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35274",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:55:03.516906Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:59:39.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.8",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027) vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:56.277Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-179",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-179"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiManager version 7.4.3 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-35274",
    "datePublished": "2024-11-12T18:53:56.277Z",
    "dateReserved": "2024-05-14T21:15:19.188Z",
    "dateUpdated": "2024-11-12T19:59:39.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1351
Vulnerability from cvelistv5
Published
2018-06-28 15:00
Modified
2024-10-25 14:09
Severity ?
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
References
http://www.securitytracker.com/id/1041181vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-18-006x_refsource_CONFIRM
http://www.securityfocus.com/bid/104533vdb-entry, x_refsource_BID
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.538Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041181",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041181"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-006"
          },
          {
            "name": "104533",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104533"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:15.978304Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:09:00.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.0 and below versions"
            }
          ]
        }
      ],
      "datePublic": "2018-06-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T15:49:33",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1041181",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041181"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-006"
        },
        {
          "name": "104533",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104533"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2018-06-22T00:00:00",
          "ID": "CVE-2018-1351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.0 and below versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041181",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041181"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-006",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-006"
            },
            {
              "name": "104533",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104533"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1351",
    "datePublished": "2018-06-28T15:00:00Z",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:09:00.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42757
Vulnerability from cvelistv5
Published
2021-12-08 11:01
Modified
2024-08-04 03:38
Summary
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
References
https://fortiguard.com/advisory/FG-IR-21-173x_refsource_CONFIRM
Impacted products
FortinetFortinet FortiOS
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:38:50.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-173"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-08T11:01:11",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-173"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-42757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiOS before 6.4.7, FortiOS 7.0.0 through 7.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-173",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-173"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-42757",
    "datePublished": "2021-12-08T11:01:11",
    "dateReserved": "2021-10-20T00:00:00",
    "dateUpdated": "2024-08-04T03:38:50.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-32116
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-13 18:45
Summary
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32116",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:45:03.925191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:45:12.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:54.318Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-099",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-099"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-32116",
    "datePublished": "2024-11-12T18:53:54.318Z",
    "dateReserved": "2024-04-11T12:09:46.570Z",
    "dateUpdated": "2024-11-13T18:45:12.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25609
Vulnerability from cvelistv5
Published
2023-06-13 08:41
Modified
2024-10-22 20:45
Summary
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-493",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-493"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25609",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:18:00.675673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:45:50.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.6",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery (SSRF) vulnerability\u00a0[CWE-918] in\u00a0FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-13T08:41:45.316Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-493",
          "url": "https://fortiguard.com/psirt/FG-IR-22-493"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-25609",
    "datePublished": "2023-06-13T08:41:45.316Z",
    "dateReserved": "2023-02-08T13:42:03.367Z",
    "dateUpdated": "2024-10-22T20:45:50.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-13375
Vulnerability from cvelistv5
Published
2019-05-28 18:33
Modified
2024-10-25 14:07
Severity ?
Summary
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
References
https://fortiguard.com/advisory/FG-IR-18-121x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:00:34.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-121"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-13375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:59:57.608819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:07:04.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 5.6.0 and below"
            }
          ]
        },
        {
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 5.6.0 and below"
            }
          ]
        }
      ],
      "datePublic": "2018-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-28T18:33:52",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-121"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-13375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 5.6.0 and below"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 5.6.0 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-121",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-121"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-13375",
    "datePublished": "2019-05-28T18:33:52",
    "dateReserved": "2018-07-06T00:00:00",
    "dateUpdated": "2024-10-25T14:07:04.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26107
Vulnerability from cvelistv5
Published
2021-11-02 17:51
Modified
2024-10-25 13:47
Summary
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
References
https://fortiguard.com/advisory/FG-IR-21-043x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.419Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-043"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26107",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:01.867833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:47:55.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.4.5, 6.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:W/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-02T17:51:44",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-043"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-26107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.4.5, 6.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "Low",
            "baseScore": 6.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:H/RL:W/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper access control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-043",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-043"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-26107",
    "datePublished": "2021-11-02T17:51:44",
    "dateReserved": "2021-01-25T00:00:00",
    "dateUpdated": "2024-10-25T13:47:55.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-2336
Vulnerability from cvelistv5
Published
2014-10-31 14:00
Modified
2024-08-06 10:14
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
References
http://www.fortiguard.com/advisory/FG-IR-14-033/x_refsource_CONFIRM
http://www.securityfocus.com/bid/70889vdb-entry, x_refsource_BID
http://secunia.com/advisories/61309third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479vdb-entry, x_refsource_XF
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:25.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
          },
          {
            "name": "70889",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70889"
          },
          {
            "name": "61309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61309"
          },
          {
            "name": "fortimanageranalyzer-cve20142336-xss(98479)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
        },
        {
          "name": "70889",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70889"
        },
        {
          "name": "61309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61309"
        },
        {
          "name": "fortimanageranalyzer-cve20142336-xss(98479)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2336",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortiguard.com/advisory/FG-IR-14-033/",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/FG-IR-14-033/"
            },
            {
              "name": "70889",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70889"
            },
            {
              "name": "61309",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61309"
            },
            {
              "name": "fortimanageranalyzer-cve20142336-xss(98479)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2336",
    "datePublished": "2014-10-31T14:00:00",
    "dateReserved": "2014-03-12T00:00:00",
    "dateUpdated": "2024-08-06T10:14:25.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42791
Vulnerability from cvelistv5
Published
2024-02-20 13:19
Modified
2024-08-02 19:30
Summary
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortianalyzer",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.2.11",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.12",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.2.11",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "6.4.12",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.0.8",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.1",
                "status": "affected",
                "version": "7.4.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T17:13:32.925996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T17:18:19.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-189",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-189"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T13:19:20.221Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-189",
          "url": "https://fortiguard.com/psirt/FG-IR-23-189"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer-BigData version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.0.7 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.4.8 or above \nPlease upgrade to FortiAnalyzer-BigData version 6.2.6 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \nPlease upgrade to FortiManager version 7.0.9 or above \nPlease upgrade to FortiManager version 6.4.13 or above \nPlease upgrade to FortiManager version 6.2.12 or above \nPlease upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiAnalyzer version 7.0.9 or above \nPlease upgrade to FortiAnalyzer version 6.4.13 or above \nPlease upgrade to FortiAnalyzer version 6.2.12 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-42791",
    "datePublished": "2024-02-20T13:19:20.221Z",
    "dateReserved": "2023-09-14T08:37:38.657Z",
    "dateUpdated": "2024-08-02T19:30:24.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9289
Vulnerability from cvelistv5
Published
2020-06-16 20:12
Modified
2024-10-25 14:25
Severity ?
Summary
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
References
https://fortiguard.com/psirt/FG-IR-19-007x_refsource_MISC
Impacted products
n/aFortinet FortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-19-007"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-9289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:09:48.822151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:25:10.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.2.3 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-24T22:33:52",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-19-007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2020-9289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.2.3 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-19-007",
              "refsource": "MISC",
              "url": "https://fortiguard.com/psirt/FG-IR-19-007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2020-9289",
    "datePublished": "2020-06-16T20:12:40",
    "dateReserved": "2020-02-19T00:00:00",
    "dateUpdated": "2024-10-25T14:25:10.790Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-24016
Vulnerability from cvelistv5
Published
2021-09-30 15:18
Modified
2024-10-25 13:49
Summary
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.
References
https://fortiguard.com/advisory/FG-IR-20-190x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-190"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-24016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:16.962299Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:49:57.964Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.4.3, 6.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 3.5,
            "temporalSeverity": "LOW",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-30T15:18:38",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-190"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-24016",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.4.3, 6.2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "High",
            "attackVector": "Adjacent",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-190",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-190"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-24016",
    "datePublished": "2021-09-30T15:18:38",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-10-25T13:49:57.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-4570
Vulnerability from cvelistv5
Published
2005-12-29 11:00
Modified
2024-08-07 23:53
Severity ?
Summary
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
References
http://www.fortinet.com/FortiGuardCenter/VU226364.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/15997vdb-entry, x_refsource_BID
http://secunia.com/advisories/18446third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/0182vdb-entry, x_refsource_VUPEN
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:27.100Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortinet.com/FortiGuardCenter/VU226364.html"
          },
          {
            "name": "15997",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15997"
          },
          {
            "name": "18446",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18446"
          },
          {
            "name": "ADV-2006-0182",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-12-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-01-17T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortinet.com/FortiGuardCenter/VU226364.html"
        },
        {
          "name": "15997",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15997"
        },
        {
          "name": "18446",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18446"
        },
        {
          "name": "ADV-2006-0182",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0182"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4570",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.  NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fortinet.com/FortiGuardCenter/VU226364.html",
              "refsource": "CONFIRM",
              "url": "http://www.fortinet.com/FortiGuardCenter/VU226364.html"
            },
            {
              "name": "15997",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15997"
            },
            {
              "name": "18446",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18446"
            },
            {
              "name": "ADV-2006-0182",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0182"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4570",
    "datePublished": "2005-12-29T11:00:00",
    "dateReserved": "2005-12-29T00:00:00",
    "dateUpdated": "2024-08-07T23:53:27.100Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1354
Vulnerability from cvelistv5
Published
2018-06-27 20:00
Modified
2024-10-25 14:09
Severity ?
Summary
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
References
http://www.securitytracker.com/id/1041183vdb-entry, x_refsource_SECTRACK
https://fortiguard.com/advisory/FG-IR-18-014x_refsource_CONFIRM
http://www.securitytracker.com/id/1041182vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/104537vdb-entry, x_refsource_BID
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041183",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041183"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-014"
          },
          {
            "name": "1041182",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041182"
          },
          {
            "name": "104537",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104537"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:18.894628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:09:22.438Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.0.0, 5.6.5 and below versions"
            },
            {
              "status": "affected",
              "version": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"
            }
          ]
        }
      ],
      "datePublic": "2018-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-10T17:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "1041183",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041183"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-014"
        },
        {
          "name": "1041182",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041182"
        },
        {
          "name": "104537",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-1354",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.0.0, 5.6.5 and below versions"
                          },
                          {
                            "version_value": "FortiAnalyzer 6.0.0, 5.6.5 and below versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041183",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041183"
            },
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-014",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-014"
            },
            {
              "name": "1041182",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041182"
            },
            {
              "name": "104537",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1354",
    "datePublished": "2018-06-27T20:00:00",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:09:22.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-23666
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-13 18:46
Summary
A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23666",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:45:58.043073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:46:20.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData \r\nat least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-602",
              "description": "Improper access control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:43.202Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-396",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-396"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.7 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiManager version 7.0.13 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.0.13 or above \nPlease upgrade to FortiAnalyzer version 6.4.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-23666",
    "datePublished": "2024-11-12T18:53:43.202Z",
    "dateReserved": "2024-01-19T08:23:28.612Z",
    "dateUpdated": "2024-11-13T18:46:20.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-24017
Vulnerability from cvelistv5
Published
2021-09-30 15:21
Modified
2024-10-25 13:49
Summary
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
References
https://fortiguard.com/advisory/FG-IR-20-189x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-189"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-24017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:15.789961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:49:47.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.4.3, 6.2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:H/RL:X/RC:X",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-30T15:21:03",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-189"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-24017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.4.3, 6.2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "Low",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:H/RL:X/RC:X",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper access control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-189",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-189"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-24017",
    "datePublished": "2021-09-30T15:21:03",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-10-25T13:49:47.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32598
Vulnerability from cvelistv5
Published
2021-08-05 10:35
Modified
2024-10-25 13:52
Summary
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
References
https://fortiguard.com/advisory/FG-IR-21-063x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-063"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:24.779376Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:52:01.552Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below; FortiManager 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of CRLF sequences in HTTP headers (\u0027HTTP Response Splitting\u0027) vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "REASONABLE",
            "scope": "UNCHANGED",
            "temporalScore": 3.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T10:35:45",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-063"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32598",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below; FortiManager 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper neutralization of CRLF sequences in HTTP headers (\u0027HTTP Response Splitting\u0027) vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 3.8,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:U/RC:R",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-063",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-063"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32598",
    "datePublished": "2021-08-05T10:35:45",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:52:01.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21757
Vulnerability from cvelistv5
Published
2024-08-13 15:51
Modified
2024-08-13 17:48
Summary
A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21757",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T17:32:07.480043Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T17:48:37.502Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.1",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-620",
              "description": "Escalation of privilege",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T15:51:57.495Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-467"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.11 or above \nPlease upgrade to FortiAnalyzer version 7.4.2 or above \nPlease upgrade to FortiAnalyzer version 7.2.5 or above \nPlease upgrade to FortiAnalyzer version 7.0.11 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-21757",
    "datePublished": "2024-08-13T15:51:57.495Z",
    "dateReserved": "2024-01-02T10:15:00.526Z",
    "dateUpdated": "2024-08-13T17:48:37.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-31496
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-12 19:24
Summary
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-31496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:23:57.500319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:24:54.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:57.302Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-098",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-098"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above \nPlease upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-31496",
    "datePublished": "2024-11-12T18:53:57.302Z",
    "dateReserved": "2024-04-04T12:52:41.587Z",
    "dateUpdated": "2024-11-12T19:24:54.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32597
Vulnerability from cvelistv5
Published
2021-08-06 10:48
Modified
2024-10-25 13:51
Summary
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
References
https://fortiguard.com/advisory/FG-IR-21-054x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-054"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:23.585665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:51:39.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, ; FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0,"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-06T10:48:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-054"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32597",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, ; FortiManager 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-054",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-054"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32597",
    "datePublished": "2021-08-06T10:48:20",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:51:39.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-40719
Vulnerability from cvelistv5
Published
2023-11-14 18:08
Modified
2024-08-30 18:08
Summary
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:38:51.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-177",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-177"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-40719",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-30T18:07:40.374088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-30T18:08:00.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-798",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-14T18:08:08.383Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-177",
          "url": "https://fortiguard.com/psirt/FG-IR-23-177"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above \nPlease upgrade to FortiAnalyzer version 7.2.4 or above \nPlease upgrade to FortiManager version 7.4.1 or above \nPlease upgrade to FortiManager version 7.2.4 or above \n"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-40719",
    "datePublished": "2023-11-14T18:08:08.383Z",
    "dateReserved": "2023-08-21T09:03:44.315Z",
    "dateUpdated": "2024-08-30T18:08:00.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-36170
Vulnerability from cvelistv5
Published
2021-10-06 09:22
Modified
2024-10-25 13:49
Summary
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
References
https://fortiguard.com/advisory/FG-IR-21-112x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:47:43.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-112"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-36170",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:13.307322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:49:27.613Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 3,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T09:22:29",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-36170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.0, 6.4.6; FortiAnalyzer 7.0.0, 6.4.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "None",
            "baseScore": 3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Changed",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-112",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-36170",
    "datePublished": "2021-10-06T09:22:29",
    "dateReserved": "2021-07-06T00:00:00",
    "dateUpdated": "2024-10-25T13:49:27.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42788
Vulnerability from cvelistv5
Published
2023-10-10 16:48
Modified
2024-10-22 20:58
Summary
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:30:24.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-167",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-167"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42788",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:58:28.753630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:58:48.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an os command (\u0027OS Command Injection\u0027) vulnerability [CWE-78] in FortiManager \u0026 FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:48:56.210Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-167",
          "url": "https://fortiguard.com/psirt/FG-IR-23-167"
        },
        {
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-42788",
    "datePublished": "2023-10-10T16:48:56.210Z",
    "dateReserved": "2023-09-14T08:37:38.657Z",
    "dateUpdated": "2024-10-22T20:58:48.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41838
Vulnerability from cvelistv5
Published
2023-10-10 16:49
Modified
2024-09-18 19:03
Summary
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:09:48.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-169",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-169"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41838",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T19:03:36.387880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T19:03:47.798Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.12",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an os command (\u0027os command injection\u0027) in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:F/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:49:27.173Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-169",
          "url": "https://fortiguard.com/psirt/FG-IR-23-169"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above Please upgrade to FortiAnalyzer version 7.2.4 or above Please upgrade to FortiAnalyzer version 7.0.9 or above Please upgrade to FortiAnalyzer version 6.4.13 or above Please upgrade to FortiAnalyzer version 6.2.12 or above Please upgrade to FortiManager version 7.4.1 or above Please upgrade to FortiManager version 7.2.4 or above Please upgrade to FortiManager version 7.0.9 or above Please upgrade to FortiManager version 6.4.13 or above Please upgrade to FortiManager version 6.2.12 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-41838",
    "datePublished": "2023-10-10T16:49:27.173Z",
    "dateReserved": "2023-09-04T08:12:52.814Z",
    "dateUpdated": "2024-09-18T19:03:47.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-32118
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-12 20:27
Summary
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-32118",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:27:19.311899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T20:27:32.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.5",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.13",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.13",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple improper neutralization of special elements used in an OS command (\u0027OS Command Injection\u0027) vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:56.156Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-116",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-116"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.6 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.4.1 or above \nPlease upgrade to FortiAnalyzer-BigData version 7.2.8 or above \nPlease upgrade to FortiAnalyzer version 7.4.3 or above \nPlease upgrade to FortiAnalyzer version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-32118",
    "datePublished": "2024-11-12T18:53:56.156Z",
    "dateReserved": "2024-04-11T12:09:46.570Z",
    "dateUpdated": "2024-11-12T20:27:32.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32587
Vulnerability from cvelistv5
Published
2021-08-06 10:51
Modified
2024-10-25 13:51
Summary
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
References
https://fortiguard.com/advisory/FG-IR-21-059x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-059"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:58:22.254983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:51:28.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-18T12:16:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11and below, 5.6.11and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 4.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-059",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32587",
    "datePublished": "2021-08-06T10:51:07",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:51:28.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3611
Vulnerability from cvelistv5
Published
2020-02-04 19:14
Modified
2024-08-06 05:47
Severity ?
Summary
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-15-011"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74444"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032188"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-04T19:14:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-15-011"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securityfocus.com/bid/74444"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securitytracker.com/id/1032188"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-15-011",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-15-011"
            },
            {
              "name": "http://www.securityfocus.com/bid/74444",
              "refsource": "MISC",
              "url": "http://www.securityfocus.com/bid/74444"
            },
            {
              "name": "http://www.securitytracker.com/id/1032188",
              "refsource": "MISC",
              "url": "http://www.securitytracker.com/id/1032188"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3611",
    "datePublished": "2020-02-04T19:14:52",
    "dateReserved": "2015-04-30T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1353
Vulnerability from cvelistv5
Published
2018-09-05 13:00
Modified
2024-10-25 14:08
Severity ?
Summary
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
References
https://fortiguard.com/advisory/FG-IR-18-016x_refsource_CONFIRM
Impacted products
Fortinet, Inc.FortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-016"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1353",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:00:13.163960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:08:31.739Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FortiManager",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.1 and below"
            }
          ]
        }
      ],
      "datePublic": "2018-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Access Control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-05T12:57:01",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-016"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "DATE_PUBLIC": "2018-08-27T00:00:00",
          "ID": "CVE-2018-1353",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.1 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-016",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-016"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1353",
    "datePublished": "2018-09-05T13:00:00Z",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:08:31.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-26104
Vulnerability from cvelistv5
Published
2022-04-06 16:00
Modified
2024-10-25 13:33
Summary
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.450Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-037"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:42.570667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:33:03.773Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer, FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-22T19:31:43",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-037"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-26104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer, FortiPortal",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-037",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-037"
            },
            {
              "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm",
              "refsource": "MISC",
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f73m-fvj3-m2pm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-26104",
    "datePublished": "2022-04-06T16:00:20",
    "dateReserved": "2021-01-25T00:00:00",
    "dateUpdated": "2024-10-25T13:33:03.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41679
Vulnerability from cvelistv5
Published
2023-10-10 16:51
Modified
2024-10-22 20:56
Summary
An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:01:35.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-062",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-062"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41679",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:56:19.689937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:56:37.984Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least \"device management\" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:51:44.600Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-062",
          "url": "https://fortiguard.com/psirt/FG-IR-23-062"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.0 or above\r\nPlease upgrade to FortiManager version 7.2.3 or above\r\nPlease upgrade to FortiManager version 7.0.8 or above\r\nPlease upgrade to FortiManager version 6.4.12 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-41679",
    "datePublished": "2023-10-10T16:51:44.600Z",
    "dateReserved": "2023-08-30T13:42:39.547Z",
    "dateUpdated": "2024-10-22T20:56:37.984Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36554
Vulnerability from cvelistv5
Published
2024-03-12 15:09
Modified
2024-08-02 16:52
Summary
A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Impacted products
FortinetFortiManager
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "lessThanOrEqual": "6.2.12",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.4.13",
                "status": "affected",
                "version": "6.4.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.0.10",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "7.2.3",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fortimanager",
            "vendor": "fortinet",
            "versions": [
              {
                "status": "affected",
                "version": "7.4.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-21T04:00:34.995809Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T20:23:29.727Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:52.352Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-23-103",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-23-103"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.10",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.13",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-12T15:09:16.256Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-103",
          "url": "https://fortiguard.com/psirt/FG-IR-23-103"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.1 or above\r\nPlease upgrade to FortiManager version 7.2.4 or above\r\nPlease upgrade to FortiManager version 7.0.11 or above\r\nPlease upgrade to FortiManager version 6.4.14 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-36554",
    "datePublished": "2024-03-12T15:09:16.256Z",
    "dateReserved": "2023-06-23T14:57:30.033Z",
    "dateUpdated": "2024-08-02T16:52:52.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25607
Vulnerability from cvelistv5
Published
2023-10-10 16:51
Modified
2024-10-22 20:57
Summary
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC  7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-352",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-352"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25607",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:57:00.870250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:57:26.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiADC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.6",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.6",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of special elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC\u00a0 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions,  6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe\u00a0usage of the wordexp function."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T16:51:31.831Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-352",
          "url": "https://fortiguard.com/psirt/FG-IR-22-352"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.0 or above Please upgrade to FortiAnalyzer version 7.2.3 or above Please upgrade to FortiAnalyzer version 7.0.8 or above Please upgrade to FortiAnalyzer version 6.4.12 or above Please upgrade to FortiManager version 7.4.0 or above Please upgrade to FortiManager version 7.2.3 or above Please upgrade to FortiManager version 7.0.8 or above Please upgrade to FortiManager version 6.4.12 or above Please upgrade to FortiADC version 7.1.1 or above Please upgrade to FortiADC version 7.0.4 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-25607",
    "datePublished": "2023-10-10T16:51:31.831Z",
    "dateReserved": "2023-02-08T13:42:03.366Z",
    "dateUpdated": "2024-10-22T20:57:26.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26121
Vulnerability from cvelistv5
Published
2022-10-10 00:00
Modified
2024-10-22 20:53
Summary
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.398Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-026"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:07.058057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:53:41.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.4,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-10T00:00:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "url": "https://fortiguard.com/psirt/FG-IR-22-026"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-26121",
    "datePublished": "2022-10-10T00:00:00",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-22T20:53:41.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32603
Vulnerability from cvelistv5
Published
2021-08-05 10:41
Modified
2024-10-25 13:51
Summary
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
References
https://fortiguard.com/advisory/FG-IR-21-050x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-050"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:13:27.741438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:51:51.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below;"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 8.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-05T10:41:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-050"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-32603",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below; FortiManager 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below;"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "High",
            "baseScore": 8.6,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-050",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-050"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32603",
    "datePublished": "2021-08-05T10:41:00",
    "dateReserved": "2021-05-11T00:00:00",
    "dateUpdated": "2024-10-25T13:51:51.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25606
Vulnerability from cvelistv5
Published
2023-07-11 16:52
Modified
2024-10-22 20:41
Summary
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:25:19.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-471",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-471"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25606",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:17:49.736572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T20:41:02.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper limitation of a pathname to a restricted directory (\u0027Path Traversal\u0027)\u00a0vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface\u00a07.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 \u00a0all versions may allow a remote and\u00a0authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T16:52:51.034Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-471",
          "url": "https://fortiguard.com/psirt/FG-IR-22-471"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.2.2 or above Please upgrade to FortiManager version 7.0.7 or above Please upgrade to FortiManager version 6.4.12 or above Please upgrade to FortiAnalyzer version 7.2.2 or above Please upgrade to FortiAnalyzer version 7.0.7 or above Please upgrade to FortiAnalyzer version 6.4.12 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-25606",
    "datePublished": "2023-07-11T16:52:51.034Z",
    "dateReserved": "2023-02-08T13:42:03.366Z",
    "dateUpdated": "2024-10-22T20:41:02.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44254
Vulnerability from cvelistv5
Published
2024-09-10 14:37
Modified
2024-09-10 17:13
Summary
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44254",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:11.618567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T17:13:19.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.12",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.12",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An authorization bypass through user-controlled key\u00a0[CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:X/RC:X",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:37:45.294Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-23-204",
          "url": "https://fortiguard.com/psirt/FG-IR-23-204"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiAnalyzer version 7.4.1 or above\nPlease upgrade to FortiAnalyzer version 7.2.5 or above\n\nPlease upgrade to FortiManager version 7.4.1 or above\nPlease upgrade to FortiManager version 7.2.5 or above\n\nPlease upgrade to FortiAnalyzer-BigData version 7.4.0 or above\nPlease upgrade to FortiAnalyzer-BigData version 7.2.6 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-44254",
    "datePublished": "2024-09-10T14:37:45.294Z",
    "dateReserved": "2023-09-27T12:26:48.750Z",
    "dateUpdated": "2024-09-10T17:13:19.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22303
Vulnerability from cvelistv5
Published
2022-03-02 10:00
Modified
2024-10-22 21:00
Summary
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
References
https://fortiguard.com/psirt/FG-IR-21-165x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-165"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-22303",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:46.875450Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T21:00:31.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "CHANGED",
            "temporalScore": 2.8,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-02T10:00:12",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-165"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-22303",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "High",
            "attackVector": "Local",
            "availabilityImpact": "None",
            "baseScore": 2.8,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:F/RL:X/RC:X",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-165",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-165"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-22303",
    "datePublished": "2022-03-02T10:00:12",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-10-22T21:00:31.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22642
Vulnerability from cvelistv5
Published
2023-04-11 16:07
Modified
2024-10-23 14:28
Summary
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:49.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-502",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-502"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22642",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:11:11.302706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T14:28:22.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.1",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.10",
              "status": "affected",
              "version": "6.4.8",
              "versionType": "semver"
            },
            {
              "lessThan": "6.4.*",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-11T16:07:12.104Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-502",
          "url": "https://fortiguard.com/psirt/FG-IR-22-502"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.2.2 or above\r\nPlease upgrade to FortiManager version 7.0.6 or above\r\nPlease upgrade to FortiManager version 6.4.11 or above\r\nPlease upgrade to FortiAnalyzer version 7.2.2 or above\r\nPlease upgrade to FortiAnalyzer version 7.0.6 or above\r\nPlease upgrade to FortiAnalyzer version 6.4.11 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-22642",
    "datePublished": "2023-04-11T16:07:12.104Z",
    "dateReserved": "2023-01-05T10:06:31.523Z",
    "dateUpdated": "2024-10-23T14:28:22.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36638
Vulnerability from cvelistv5
Published
2023-09-13 12:29
Modified
2024-09-24 19:58
Summary
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://fortiguard.com/psirt/FG-IR-22-522",
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-22-522"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36638",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T19:45:02.088434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T19:58:57.093Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.2",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.11",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.11",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.12",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Information disclosure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-13T12:29:36.809Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-22-522",
          "url": "https://fortiguard.com/psirt/FG-IR-22-522"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.0 or above Please upgrade to FortiManager version 7.2.3 or above Please upgrade to FortiManager version 7.0.8 or above Please upgrade to FortiManager version 6.4.12 or above Please upgrade to FortiAnalyzer version 7.4.0 or above Please upgrade to FortiAnalyzer version 7.2.3 or above Please upgrade to FortiAnalyzer version 7.0.8 or above Please upgrade to FortiAnalyzer version 6.4.12 or above "
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2023-36638",
    "datePublished": "2023-09-13T12:29:36.809Z",
    "dateReserved": "2023-06-25T18:03:39.227Z",
    "dateUpdated": "2024-09-24T19:58:57.093Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-39950
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-10-25 13:17
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:07:43.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-228"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:12:07.696131Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:17:01.104Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0; FortiManager 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor \"protected\" comment as described in CVE-2020-9281."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.6,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-02T00:00:00",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "url": "https://fortiguard.com/psirt/FG-IR-21-228"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-39950",
    "datePublished": "2022-11-02T00:00:00",
    "dateReserved": "2022-09-05T00:00:00",
    "dateUpdated": "2024-10-25T13:17:01.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1360
Vulnerability from cvelistv5
Published
2019-04-25 17:08
Modified
2024-10-25 14:30
Severity ?
Summary
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.
References
https://fortiguard.com/advisory/FG-IR-18-051x_refsource_CONFIRM
http://www.securityfocus.com/bid/108079vdb-entry, x_refsource_BID
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:59:38.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-18-051"
          },
          {
            "name": "108079",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108079"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-24T20:03:57.208708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T14:30:18.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.0 to 5.2.7"
            },
            {
              "status": "affected",
              "version": "5.4.0"
            },
            {
              "status": "affected",
              "version": "5.4.1"
            }
          ]
        }
      ],
      "datePublic": "2019-04-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-29T05:06:04",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-18-051"
        },
        {
          "name": "108079",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108079"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2018-1360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.0 to 5.2.7"
                          },
                          {
                            "version_value": "5.4.0"
                          },
                          {
                            "version_value": "5.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-18-051",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-18-051"
            },
            {
              "name": "108079",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108079"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2018-1360",
    "datePublished": "2019-04-25T17:08:07",
    "dateReserved": "2017-12-11T00:00:00",
    "dateUpdated": "2024-10-25T14:30:18.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26011
Vulnerability from cvelistv5
Published
2024-11-12 18:53
Modified
2024-11-13 18:44
Summary
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26011",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T18:44:31.679521Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:44:42.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.4",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.11",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.14",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiSwitchManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.2.3",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiPAM",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "lessThanOrEqual": "1.1.2",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiProxy",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.2",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.9",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.19",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.14",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.13",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.1.6",
              "status": "affected",
              "version": "1.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [],
          "defaultStatus": "unaffected",
          "product": "FortiPortal",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "6.0.14",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.3.8",
              "status": "affected",
              "version": "5.3.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiOS",
          "vendor": "Fortinet",
          "versions": [
            {
              "lessThanOrEqual": "7.4.3",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.2.7",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.14",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.4.15",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.16",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T18:53:56.665Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiManager version 7.4.3 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.12 or above \nPlease upgrade to FortiManager version 6.4.15 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \nPlease upgrade to FortiPortal version 6.0.15 or above \nPlease upgrade to FortiOS version 7.6.0 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2024-26011",
    "datePublished": "2024-11-12T18:53:56.665Z",
    "dateReserved": "2024-02-14T09:18:43.245Z",
    "dateUpdated": "2024-11-13T18:44:42.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-24022
Vulnerability from cvelistv5
Published
2021-07-20 10:32
Modified
2024-10-25 13:54
Summary
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
References
https://fortiguard.com/advisory/FG-IR-20-194x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:14:10.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-20-194"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-24022",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T14:13:35.881419Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:54:50.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiAnalyzer, FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiAnalyzer 6.4.5 and below, 6.2.7 and below,  6.0.x; FortiManager 6.4.5 and below, 6.2.7 and below, 6.0.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service, Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T10:48:05",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-20-194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-24022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiAnalyzer, FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiAnalyzer 6.4.5 and below, 6.2.7 and below,  6.0.x; FortiManager 6.4.5 and below, 6.2.7 and below, 6.0.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "High",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "denial of service, Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-20-194",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-20-194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-24022",
    "datePublished": "2021-07-20T10:32:49",
    "dateReserved": "2021-01-13T00:00:00",
    "dateUpdated": "2024-10-25T13:54:50.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-36192
Vulnerability from cvelistv5
Published
2021-11-03 10:17
Modified
2024-10-25 13:43
Summary
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.
References
https://fortiguard.com/advisory/FG-IR-21-103x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:54:50.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/advisory/FG-IR-21-103"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-36192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-23T13:57:51.717117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:43:18.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "FUNCTIONAL",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "UNAVAILABLE",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 5.1,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-03T10:17:20",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/advisory/FG-IR-21-103"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2021-36192",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "availabilityImpact": "None",
            "baseScore": 5.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/advisory/FG-IR-21-103",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/advisory/FG-IR-21-103"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-36192",
    "datePublished": "2021-11-03T10:17:20",
    "dateReserved": "2021-07-06T00:00:00",
    "dateUpdated": "2024-10-25T13:43:18.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22300
Vulnerability from cvelistv5
Published
2022-03-01 18:25
Modified
2024-10-22 21:01
Summary
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
References
https://fortiguard.com/psirt/FG-IR-21-255x_refsource_CONFIRM
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:07:50.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://fortiguard.com/psirt/FG-IR-21-255"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-22300",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T20:19:49.371396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T21:01:00.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fortinet FortiManager, FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0; FortiAnalyzer 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.9,
            "temporalSeverity": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-01T18:25:16",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://fortiguard.com/psirt/FG-IR-21-255"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@fortinet.com",
          "ID": "CVE-2022-22300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fortinet FortiManager, FortiAnalyzer",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "FortiManager 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0; FortiAnalyzer 7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.6.11, 5.6.10, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.1, 5.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Fortinet"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 3.9,
            "baseSeverity": "Low",
            "confidentialityImpact": "None",
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Execute unauthorized code or commands"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://fortiguard.com/psirt/FG-IR-21-255",
              "refsource": "CONFIRM",
              "url": "https://fortiguard.com/psirt/FG-IR-21-255"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2022-22300",
    "datePublished": "2022-03-01T18:25:16",
    "dateReserved": "2022-01-03T00:00:00",
    "dateUpdated": "2024-10-22T21:01:00.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}