Action not permitted
Modal body text goes here.
CVE-2020-36180
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jackson-databind", "vendor": "fasterxml", "versions": [ { "lessThan": "2.9.10.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "debian_linux", "vendor": "debian", "versions": [ { "status": "affected", "version": "8.0" } ] }, { "cpes": [ "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "steelstore_cloud_integrated_storage", "vendor": "netapp", "versions": [ { "status": "affected", "version": "*" } ] }, { "cpes": [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "agile_plm", "vendor": "oracle", "versions": [ { "status": "affected", "version": "9.3.6" } ] }, { "cpes": [ "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "autovue_for_agile_product_lifecycle_management", "vendor": "oracle", "versions": [ { "status": "affected", "version": "21.0.2" } ] }, { "cpes": [ "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "banking_digital_experience", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "18.3", "status": "affected", "version": "18.1", "versionType": "custom" }, { "lessThanOrEqual": "19.2", "status": "affected", "version": "19.1", "versionType": "custom" }, { "status": "affected", "version": "20.1" }, { "lessThanOrEqual": "2.9.0", "status": "affected", "version": "2.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_calendar_server", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.0.0.5.0", "status": "affected", "version": "8.0.0.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_diameter_signaling_router", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.2.2", "status": "affected", "version": "8.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_element_manager", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.2.2", "status": "affected", "version": "8.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_evolved_communications_application_server", "vendor": "oracle", "versions": [ { "status": "affected", "version": "7.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_instant_messaging_server", "vendor": "oracle", "versions": [ { "status": "affected", "version": "10.0.1.4.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_network_charging_and_control", "vendor": "oracle", "versions": [ { "status": "affected", "version": "6.0.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_network_charging_and_control", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "12.0.3", "status": "affected", "version": "12.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "communications_session_route_manager", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.2.2", "status": "affected", "version": "8.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "enterprise_manager_base_platform", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "13.4.0.0", "status": "affected", "version": "13.3.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "financial_services_analytical_applications_infrastructure", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.1.0", "status": "affected", "version": "8.0.6", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "financial_services_institutional_performance_analytics", "vendor": "oracle", "versions": [ { "status": "affected", "version": "8.0.6" }, { "status": "affected", "version": "8.0.7" }, { "status": "affected", "version": "8.1.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "financial_services_price_creation_and_discovery", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "8.0.7", "status": "affected", "version": "8.0.6", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "financial_services_retail_customer_analytics", "vendor": "oracle", "versions": [ { "status": "affected", "version": "8.0.6" } ] }, { "cpes": [ "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "global_lifecycle_management_opatch", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "12.2.0.1.20", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "insurance_policy_administration_j2ee", "vendor": "oracle", "versions": [ { "lessThan": "11.1.0.15", "status": "affected", "version": "11.0.2.25", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jd_edwards_enterpriseone_orchestrator", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "9.2.4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "primavera_unifier", "vendor": "oracle", "versions": [ { "status": "affected", "version": "16.1" }, { "status": "affected", "version": "16.2" }, { "lessThanOrEqual": "17.12", "status": "affected", "version": "17.7", "versionType": "custom" }, { "status": "affected", "version": "18.8" }, { "status": "affected", "version": "19.12" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "retail_merchandising_system", "vendor": "oracle", "versions": [ { "status": "affected", "version": "15.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "retail_sales_audit", "vendor": "oracle", "versions": [ { "status": "affected", "version": "14.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "retail_service_backbone", "vendor": "oracle", "versions": [ { "status": "affected", "version": "14.1" }, { "status": "affected", "version": "15.0" }, { "status": "affected", "version": "16.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "retail_xstore_point_of_service", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "19.0", "status": "affected", "version": "15.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "weblogic_server", "vendor": "oracle", "versions": [ { "lessThanOrEqual": "12.2.1.4.0", "status": "affected", "version": "12.2.1.3.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2020-36180", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-25T04:00:49.885173Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:12:24.082Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T17:23:09.529Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:20:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "refsource": "MISC", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "name": "https://github.com/FasterXML/jackson-databind/issues/3004", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210205-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-36180", "datePublished": "2021-01-06T22:30:31", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-04T17:23:09.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-36180\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-01-07T00:15:14.913\",\"lastModified\":\"2024-07-03T01:36:30.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.\"},{\"lang\":\"es\",\"value\":\"FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7081652A-D28B-494E-94EF-CA88117F23EE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97994257-C9A4-4491-B362-E8B25B7187AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55543515-BE87-4D88-8F9B-130FCE792642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D32FE52-C11F-40F0-943A-4FD1241AA599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EE231C5-8BF0-48F4-81EF-7186814664CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9284BB0-343D-46DE-B45D-68081BC20225\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"821A1FAA-6475-4892-97A5-10D434BC2C9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AA5FF83-B693-4DAB-B585-0FD641266231\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC5EC524-B98A-4F6A-BF4F-4AE29C30024C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB82EF9-C41D-48BB-806D-95A114D385A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61F0B664-8F04-4E5A-9276-011012EB60A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D99F81D-61BB-4904-BE31-3367D4A98FD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93866792-1AAE-40AE-84D0-21250A296BE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45AB3A29-0994-46F4-8093-B4A9CE0BD95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"180F3D2A-7E7A-4DE9-9792-942CB3D6B51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1534C11-E3F5-49F3-8F8D-7C5C90951E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1111BCFD-E336-4B31-A87E-76C684AC6DE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"21.1.2\",\"matchCriteriaId\":\"2A50522C-E7AC-4F6F-A340-CF6173FA4D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.3.0\",\"versionEndIncluding\":\"11.3.2\",\"matchCriteriaId\":\"F012E976-E219-46C2-8177-60ED859594BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"790A89FD-6B86-49AE-9B4F-AE7262915E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4479F76A-4B67-41CC-98C7-C76B81050F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB1BC31C-6016-42A8-9517-2FBBC92620CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4012B512-DB7D-476A-93A6-51054DD6E3D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.5.0.0\",\"matchCriteriaId\":\"380D91D8-78F6-43F1-A3F5-BAA1752D5E53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0.0\",\"versionEndIncluding\":\"8.2.4.0\",\"matchCriteriaId\":\"4EDADF5B-3E55-423E-B976-095456404EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4A94B36-479F-48F2-9B9E-ACEA2589EF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28AD22B9-A037-419C-8D72-8B062E6882FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A23B00C1-878A-4B55-B87B-EFFFA6A5E622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5312AC7A-3C16-4967-ACA6-317289A749D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A28F42F0-FBDA-4574-AD30-7A04F27FEA3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062E4E7C-55BB-46F3-8B61-5A663B565891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0.0\",\"versionEndIncluding\":\"8.2.2.1\",\"matchCriteriaId\":\"FB3E2625-08F0-4C8E-B43F-831F0290F0D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0.0\",\"versionEndIncluding\":\"8.2.2.1\",\"matchCriteriaId\":\"F5D870C4-FB9C-406C-9C6F-344670B0B000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FADE563-5AAA-42FF-B43F-35B20A2386C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE3CF700-5042-4DD5-A4B1-53A6C4D8E549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34019365-E6E3-4DBC-89EA-5783A29B61B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A1427F8-50F3-45B2-8836-A80ADA70F431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7BE0590-31BD-4FCD-B50E-A5F86196F99E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"1DDB3D8B-1D04-4345-BB27-723186719CBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F89EC4B-6D34-40F0-B7C6-C03D03F81C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndIncluding\":\"11.3.0\",\"matchCriteriaId\":\"5DEAB5CD-4223-4A43-AB9E-486113827A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3E25293-CB03-44CE-A8ED-04B3A0487A6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"A0A366B8-1B5C-4C9E-A761-1AB1547D7404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"4BCA7DD9-8599-4E43-9D82-999BE15483B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.11\",\"matchCriteriaId\":\"53E2276C-9515-46F6-A621-213A3047B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.10\",\"matchCriteriaId\":\"3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A932C79-8646-4023-9C12-9C7A2A6840EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"08FA59A8-6A62-4B33-8952-D6E658F8DAC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C57B2CD-FA02-4352-8EDC-A0F039DCCEBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"202AD518-2E9B-4062-B063-9858AE1F9CE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10864586-270E-4ACF-BDCC-ECFCD299305F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38340E3C-C452-4370-86D4-355B6B4E0A06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndIncluding\":\"19.0\",\"matchCriteriaId\":\"B92BB355-DB00-438E-84E5-8EC007009576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7C9BB48-50B2-4735-9E2F-E492C708C36D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E702EBED-DB39-4084-84B1-258BC5FE7545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F7956BF-D5B6-484B-999C-36B45CD8B75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77326E29-0F3C-4BF1-905F-FF89EB9A897A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B2C44-CECD-4551-B04F-4076D0E053C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.6.7.5\",\"matchCriteriaId\":\"4892ABAA-57A0-43D3-965C-2D7F4A8A6024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.9.10.8\",\"matchCriteriaId\":\"EC9CC9C2-396F-408E-B0C4-D02D6D5BBEB8\"}]}]}],\"references\":[{\"url\":\"https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3004\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210205-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2024-0794
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Dell ECS ist ein Objektspeichersystem.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Dell ECS ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0794 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0794.json" }, { "category": "self", "summary": "WID-SEC-2024-0794 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0794" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-141 vom 2024-04-04", "url": "https://www.dell.com/support/kbdoc/000223839/dsa-2024-=" } ], "source_lang": "en-US", "title": "Dell ECS: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T09:37:24.604+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0794", "initial_release_date": "2024-04-04T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-04T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 3.8.1.0", "product": { "name": "Dell ECS \u003c 3.8.1.0", "product_id": "T033919", "product_identification_helper": { "cpe": "cpe:/h:dell:ecs:3.8.1.0" } } } ], "category": "product_name", "name": "ECS" } ], "category": "vendor", "name": "Dell" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-18074", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2018-18074" }, { "cve": "CVE-2020-10663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10663" }, { "cve": "CVE-2020-10672", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10735" }, { "cve": "CVE-2020-10968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11113" }, { "cve": "CVE-2020-11612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11612" }, { "cve": "CVE-2020-11619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11619" }, { "cve": "CVE-2020-11620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11620" }, { "cve": "CVE-2020-11979", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-11979" }, { "cve": "CVE-2020-12762", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12762" }, { "cve": "CVE-2020-12825", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-12825" }, { "cve": "CVE-2020-13956", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-13956" }, { "cve": "CVE-2020-14060", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14060" }, { "cve": "CVE-2020-14061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14061" }, { "cve": "CVE-2020-14062", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14062" }, { "cve": "CVE-2020-14195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-14195" }, { "cve": "CVE-2020-15250", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-15250" }, { "cve": "CVE-2020-1945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1945" }, { "cve": "CVE-2020-1967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1967" }, { "cve": "CVE-2020-1971", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-1971" }, { "cve": "CVE-2020-24616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24616" }, { "cve": "CVE-2020-24750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-24750" }, { "cve": "CVE-2020-25649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25649" }, { "cve": "CVE-2020-25658", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-25658" }, { "cve": "CVE-2020-26116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26116" }, { "cve": "CVE-2020-26137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26137" }, { "cve": "CVE-2020-26541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-26541" }, { "cve": "CVE-2020-27216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27216" }, { "cve": "CVE-2020-27218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27218" }, { "cve": "CVE-2020-27223", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-27223" }, { "cve": "CVE-2020-28366", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28366" }, { "cve": "CVE-2020-28493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-28493" }, { "cve": "CVE-2020-29509", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29509" }, { "cve": "CVE-2020-29511", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29511" }, { "cve": "CVE-2020-29582", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29582" }, { "cve": "CVE-2020-29651", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-29651" }, { "cve": "CVE-2020-35490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35490" }, { "cve": "CVE-2020-35491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35491" }, { "cve": "CVE-2020-35728", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36183" }, { "cve": "CVE-2020-36184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36185", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36185" }, { "cve": "CVE-2020-36186", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36186" }, { "cve": "CVE-2020-36187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36187" }, { "cve": "CVE-2020-36188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36188" }, { "cve": "CVE-2020-36189", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36189" }, { "cve": "CVE-2020-36516", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36516" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36518" }, { "cve": "CVE-2020-36557", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36557" }, { "cve": "CVE-2020-36558", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36558" }, { "cve": "CVE-2020-36691", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-36691" }, { "cve": "CVE-2020-7238", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-7238" }, { "cve": "CVE-2020-8840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8840" }, { "cve": "CVE-2020-8908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8908" }, { "cve": "CVE-2020-8911", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8911" }, { "cve": "CVE-2020-8912", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-8912" }, { "cve": "CVE-2020-9488", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9488" }, { "cve": "CVE-2020-9493", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9493" }, { "cve": "CVE-2020-9546", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9546" }, { "cve": "CVE-2020-9547", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9547" }, { "cve": "CVE-2020-9548", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2020-9548" }, { "cve": "CVE-2021-20190", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20190" }, { "cve": "CVE-2021-20323", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-20323" }, { "cve": "CVE-2021-21290", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21290" }, { "cve": "CVE-2021-21295", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21295" }, { "cve": "CVE-2021-21409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-21409" }, { "cve": "CVE-2021-23840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23840" }, { "cve": "CVE-2021-23841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-23841" }, { "cve": "CVE-2021-2471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-2471" }, { "cve": "CVE-2021-25642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-25642" }, { "cve": "CVE-2021-26341", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-26341" }, { "cve": "CVE-2021-27918", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-27918" }, { "cve": "CVE-2021-28153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28153" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28165" }, { "cve": "CVE-2021-28169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28169" }, { "cve": "CVE-2021-28861", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-28861" }, { "cve": "CVE-2021-29425", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-29425" }, { "cve": "CVE-2021-30560", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-30560" }, { "cve": "CVE-2021-3114", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3114" }, { "cve": "CVE-2021-33036", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33036" }, { "cve": "CVE-2021-33194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33194" }, { "cve": "CVE-2021-33195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33195" }, { "cve": "CVE-2021-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33196" }, { "cve": "CVE-2021-33197", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33197" }, { "cve": "CVE-2021-33503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33503" }, { "cve": "CVE-2021-33655", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33655" }, { "cve": "CVE-2021-33656", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-33656" }, { "cve": "CVE-2021-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3424" }, { "cve": "CVE-2021-34428", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-34428" }, { "cve": "CVE-2021-3449", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3449" }, { "cve": "CVE-2021-3450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3450" }, { "cve": "CVE-2021-3530", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3530" }, { "cve": "CVE-2021-36221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36221" }, { "cve": "CVE-2021-36373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36373" }, { "cve": "CVE-2021-36374", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36374" }, { "cve": "CVE-2021-3648", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3648" }, { "cve": "CVE-2021-36690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-36690" }, { "cve": "CVE-2021-3711", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3711" }, { "cve": "CVE-2021-3712", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3712" }, { "cve": "CVE-2021-37136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37136" }, { "cve": "CVE-2021-37137", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37137" }, { "cve": "CVE-2021-37404", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37404" }, { "cve": "CVE-2021-37533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-37533" }, { "cve": "CVE-2021-3754", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3754" }, { "cve": "CVE-2021-3778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3778" }, { "cve": "CVE-2021-3796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3796" }, { "cve": "CVE-2021-3826", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3826" }, { "cve": "CVE-2021-3827", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3827" }, { "cve": "CVE-2021-38297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-38297" }, { "cve": "CVE-2021-3872", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3872" }, { "cve": "CVE-2021-3875", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3875" }, { "cve": "CVE-2021-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3903" }, { "cve": "CVE-2021-3923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3923" }, { "cve": "CVE-2021-3927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3927" }, { "cve": "CVE-2021-3928", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3928" }, { "cve": "CVE-2021-3968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3968" }, { "cve": "CVE-2021-3973", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3973" }, { "cve": "CVE-2021-3974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3974" }, { "cve": "CVE-2021-3984", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-3984" }, { "cve": "CVE-2021-4019", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4019" }, { "cve": "CVE-2021-4037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4037" }, { "cve": "CVE-2021-4069", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4069" }, { "cve": "CVE-2021-4104", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4104" }, { "cve": "CVE-2021-4136", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4136" }, { "cve": "CVE-2021-4157", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4157" }, { "cve": "CVE-2021-4166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4166" }, { "cve": "CVE-2021-41771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-41771" }, { "cve": "CVE-2021-4192", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4192" }, { "cve": "CVE-2021-4193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4193" }, { "cve": "CVE-2021-4203", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-4203" }, { "cve": "CVE-2021-42567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-42567" }, { "cve": "CVE-2021-43797", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-43797" }, { "cve": "CVE-2021-44531", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44531" }, { "cve": "CVE-2021-44532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44532" }, { "cve": "CVE-2021-44533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44533" }, { "cve": "CVE-2021-44716", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44716" }, { "cve": "CVE-2021-44878", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-44878" }, { "cve": "CVE-2021-45078", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-45078" }, { "cve": "CVE-2021-46195", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46195" }, { "cve": "CVE-2021-46828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46828" }, { "cve": "CVE-2021-46848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2021-46848" }, { "cve": "CVE-2022-0128", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0128" }, { "cve": "CVE-2022-0213", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0213" }, { "cve": "CVE-2022-0225", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0225" }, { "cve": "CVE-2022-0261", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0261" }, { "cve": "CVE-2022-0318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0318" }, { "cve": "CVE-2022-0319", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0319" }, { "cve": "CVE-2022-0351", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0351" }, { "cve": "CVE-2022-0359", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0359" }, { "cve": "CVE-2022-0361", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0361" }, { "cve": "CVE-2022-0392", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0392" }, { "cve": "CVE-2022-0407", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0407" }, { "cve": "CVE-2022-0413", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0413" }, { "cve": "CVE-2022-0561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0561" }, { "cve": "CVE-2022-0696", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0696" }, { "cve": "CVE-2022-0778", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-0778" }, { "cve": "CVE-2022-1184", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1184" }, { "cve": "CVE-2022-1245", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1245" }, { "cve": "CVE-2022-1271", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1271" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1381", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1381" }, { "cve": "CVE-2022-1420", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1420" }, { "cve": "CVE-2022-1462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1462" }, { "cve": "CVE-2022-1466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1466" }, { "cve": "CVE-2022-1471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1471" }, { "cve": "CVE-2022-1586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1586" }, { "cve": "CVE-2022-1587", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1587" }, { "cve": "CVE-2022-1616", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1616" }, { "cve": "CVE-2022-1619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1619" }, { "cve": "CVE-2022-1620", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1620" }, { "cve": "CVE-2022-1679", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1679" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1720", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1720" }, { "cve": "CVE-2022-1729", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1729" }, { "cve": "CVE-2022-1733", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1733" }, { "cve": "CVE-2022-1735", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1735" }, { "cve": "CVE-2022-1771", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1771" }, { "cve": "CVE-2022-1785", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1785" }, { "cve": "CVE-2022-1796", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1796" }, { "cve": "CVE-2022-1851", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1851" }, { "cve": "CVE-2022-1897", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1897" }, { "cve": "CVE-2022-1898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1898" }, { "cve": "CVE-2022-1927", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1927" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1968" }, { "cve": "CVE-2022-1974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1974" }, { "cve": "CVE-2022-1975", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-1975" }, { "cve": "CVE-2022-20132", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20132" }, { "cve": "CVE-2022-20141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20141" }, { "cve": "CVE-2022-20154", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20154" }, { "cve": "CVE-2022-20166", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20166" }, { "cve": "CVE-2022-20368", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20368" }, { "cve": "CVE-2022-20369", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20369" }, { "cve": "CVE-2022-2047", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2047" }, { "cve": "CVE-2022-2048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2048" }, { "cve": "CVE-2022-20567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-20567" }, { "cve": "CVE-2022-2068", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2068" }, { "cve": "CVE-2022-2097", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2097" }, { "cve": "CVE-2022-21216", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21216" }, { "cve": "CVE-2022-21233", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21233" }, { "cve": "CVE-2022-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2124" }, { "cve": "CVE-2022-2125", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2125" }, { "cve": "CVE-2022-2126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2126" }, { "cve": "CVE-2022-2129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2129" }, { "cve": "CVE-2022-21363", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21363" }, { "cve": "CVE-2022-21385", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21385" }, { "cve": "CVE-2022-21499", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21499" }, { "cve": "CVE-2022-2153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2153" }, { "cve": "CVE-2022-21540", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21540" }, { "cve": "CVE-2022-21541", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21541" }, { "cve": "CVE-2022-21549", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21549" }, { "cve": "CVE-2022-21618", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21618" }, { "cve": "CVE-2022-21619", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21619" }, { "cve": "CVE-2022-21624", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21624" }, { "cve": "CVE-2022-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21626" }, { "cve": "CVE-2022-21628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21628" }, { "cve": "CVE-2022-21702", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-21702" }, { "cve": "CVE-2022-2175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2175" }, { "cve": "CVE-2022-2182", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2182" }, { "cve": "CVE-2022-2183", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2183" }, { "cve": "CVE-2022-2206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2206" }, { "cve": "CVE-2022-2207", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2207" }, { "cve": "CVE-2022-2208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2208" }, { "cve": "CVE-2022-2210", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2210" }, { "cve": "CVE-2022-2231", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2231" }, { "cve": "CVE-2022-2256", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2256" }, { "cve": "CVE-2022-2257", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2257" }, { "cve": "CVE-2022-2264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2264" }, { "cve": "CVE-2022-2284", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2284" }, { "cve": "CVE-2022-2285", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2285" }, { "cve": "CVE-2022-2286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2286" }, { "cve": "CVE-2022-2287", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2287" }, { "cve": "CVE-2022-22976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22976" }, { "cve": "CVE-2022-22978", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-22978" }, { "cve": "CVE-2022-2304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2304" }, { "cve": "CVE-2022-2318", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2318" }, { "cve": "CVE-2022-23302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23302" }, { "cve": "CVE-2022-23305", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23305" }, { "cve": "CVE-2022-23307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23307" }, { "cve": "CVE-2022-2343", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2343" }, { "cve": "CVE-2022-2344", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2344" }, { "cve": "CVE-2022-2345", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2345" }, { "cve": "CVE-2022-23471", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23471" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-23772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23772" }, { "cve": "CVE-2022-23773", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-23773" }, { "cve": "CVE-2022-24302", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24302" }, { "cve": "CVE-2022-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24329" }, { "cve": "CVE-2022-24823", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24823" }, { "cve": "CVE-2022-24903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-24903" }, { "cve": "CVE-2022-2503", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2503" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-25168", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25168" }, { "cve": "CVE-2022-2519", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2519" }, { "cve": "CVE-2022-2520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2520" }, { "cve": "CVE-2022-2521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2521" }, { "cve": "CVE-2022-2522", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2522" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25647" }, { "cve": "CVE-2022-2571", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2571" }, { "cve": "CVE-2022-2580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2580" }, { "cve": "CVE-2022-2581", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2581" }, { "cve": "CVE-2022-25857", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-25857" }, { "cve": "CVE-2022-2588", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2588" }, { "cve": "CVE-2022-2598", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2598" }, { "cve": "CVE-2022-26148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26148" }, { "cve": "CVE-2022-26365", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26365" }, { "cve": "CVE-2022-26373", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26373" }, { "cve": "CVE-2022-2639", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2639" }, { "cve": "CVE-2022-26612", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-26612" }, { "cve": "CVE-2022-2663", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2663" }, { "cve": "CVE-2022-27781", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27781" }, { "cve": "CVE-2022-27782", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27782" }, { "cve": "CVE-2022-27943", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-27943" }, { "cve": "CVE-2022-2795", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2795" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2867", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2867" }, { "cve": "CVE-2022-2868", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2868" }, { "cve": "CVE-2022-2869", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2869" }, { "cve": "CVE-2022-28693", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28693" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-28748", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-28748" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-29162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29162" }, { "cve": "CVE-2022-29187", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29187" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-29583", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29583" }, { "cve": "CVE-2022-2964", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2964" }, { "cve": "CVE-2022-2977", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2977" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-2982", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2982" }, { "cve": "CVE-2022-29900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29900" }, { "cve": "CVE-2022-29901", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-29901" }, { "cve": "CVE-2022-2991", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-2991" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-3028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3028" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-31030", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31030" }, { "cve": "CVE-2022-31159", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31159" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3169" }, { "cve": "CVE-2022-31690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-31690" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-32149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32149" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3239", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3239" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-33196", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33196" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-33740", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33740" }, { "cve": "CVE-2022-33741", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33741" }, { "cve": "CVE-2022-33742", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33742" }, { "cve": "CVE-2022-33972", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33972" }, { "cve": "CVE-2022-33981", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-33981" }, { "cve": "CVE-2022-34169", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34169" }, { "cve": "CVE-2022-3424", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3424" }, { "cve": "CVE-2022-34266", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34266" }, { "cve": "CVE-2022-34526", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34526" }, { "cve": "CVE-2022-34903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-34903" }, { "cve": "CVE-2022-3491", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3491" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3520", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3520" }, { "cve": "CVE-2022-3521", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3521" }, { "cve": "CVE-2022-3524", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3524" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3542", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3542" }, { "cve": "CVE-2022-3545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3545" }, { "cve": "CVE-2022-3564", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3564" }, { "cve": "CVE-2022-3565", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3565" }, { "cve": "CVE-2022-3566", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3566" }, { "cve": "CVE-2022-3567", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3567" }, { "cve": "CVE-2022-35737", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-35737" }, { "cve": "CVE-2022-3586", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3586" }, { "cve": "CVE-2022-3591", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3591" }, { "cve": "CVE-2022-3594", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3594" }, { "cve": "CVE-2022-3597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3597" }, { "cve": "CVE-2022-3599", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3599" }, { "cve": "CVE-2022-36109", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36109" }, { "cve": "CVE-2022-3621", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3621" }, { "cve": "CVE-2022-3626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3626" }, { "cve": "CVE-2022-3627", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3627" }, { "cve": "CVE-2022-3628", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3628" }, { "cve": "CVE-2022-36280", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36280" }, { "cve": "CVE-2022-3629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3629" }, { "cve": "CVE-2022-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3635" }, { "cve": "CVE-2022-3643", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3643" }, { "cve": "CVE-2022-36437", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36437" }, { "cve": "CVE-2022-3646", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3646" }, { "cve": "CVE-2022-3649", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3649" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36879", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36879" }, { "cve": "CVE-2022-36946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-36946" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-37434", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37434" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-37865", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37865" }, { "cve": "CVE-2022-37866", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-37866" }, { "cve": "CVE-2022-38090", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38090" }, { "cve": "CVE-2022-38096", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38096" }, { "cve": "CVE-2022-38126", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38126" }, { "cve": "CVE-2022-38127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38127" }, { "cve": "CVE-2022-38177", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38177" }, { "cve": "CVE-2022-38178", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38178" }, { "cve": "CVE-2022-3821", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3821" }, { "cve": "CVE-2022-38533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38533" }, { "cve": "CVE-2022-38749", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38749" }, { "cve": "CVE-2022-38750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38750" }, { "cve": "CVE-2022-38751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38751" }, { "cve": "CVE-2022-38752", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-38752" }, { "cve": "CVE-2022-39028", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39028" }, { "cve": "CVE-2022-3903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3903" }, { "cve": "CVE-2022-39188", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39188" }, { "cve": "CVE-2022-39399", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-39399" }, { "cve": "CVE-2022-3970", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-3970" }, { "cve": "CVE-2022-40149", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40149" }, { "cve": "CVE-2022-40150", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40150" }, { "cve": "CVE-2022-40151", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40151" }, { "cve": "CVE-2022-40152", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40152" }, { "cve": "CVE-2022-40153", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40153" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40307", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40307" }, { "cve": "CVE-2022-40674", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40674" }, { "cve": "CVE-2022-40768", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40768" }, { "cve": "CVE-2022-40899", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-40899" }, { "cve": "CVE-2022-4095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4095" }, { "cve": "CVE-2022-41218", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41218" }, { "cve": "CVE-2022-4129", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4129" }, { "cve": "CVE-2022-4141", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4141" }, { "cve": "CVE-2022-41717", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41717" }, { "cve": "CVE-2022-41721", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41721" }, { "cve": "CVE-2022-41848", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41848" }, { "cve": "CVE-2022-41850", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41850" }, { "cve": "CVE-2022-41854", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41854" }, { "cve": "CVE-2022-41858", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41858" }, { "cve": "CVE-2022-41881", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41881" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41915", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41915" }, { "cve": "CVE-2022-41966", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41966" }, { "cve": "CVE-2022-41974", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-41974" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42328" }, { "cve": "CVE-2022-42329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42329" }, { "cve": "CVE-2022-42703", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42703" }, { "cve": "CVE-2022-42889", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42889" }, { "cve": "CVE-2022-42895", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42895" }, { "cve": "CVE-2022-42896", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42896" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4292", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4292" }, { "cve": "CVE-2022-4293", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4293" }, { "cve": "CVE-2022-42969", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-42969" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-43552", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43552" }, { "cve": "CVE-2022-43680", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43680" }, { "cve": "CVE-2022-43750", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43750" }, { "cve": "CVE-2022-4378", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4378" }, { "cve": "CVE-2022-43945", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43945" }, { "cve": "CVE-2022-43995", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-43995" }, { "cve": "CVE-2022-4415", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4415" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-44638", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-44638" }, { "cve": "CVE-2022-45061", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45061" }, { "cve": "CVE-2022-45688", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45688" }, { "cve": "CVE-2022-45884", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45884" }, { "cve": "CVE-2022-45885", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45885" }, { "cve": "CVE-2022-45886", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45886" }, { "cve": "CVE-2022-45887", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45887" }, { "cve": "CVE-2022-45919", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45919" }, { "cve": "CVE-2022-45934", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45934" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-4662", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-4662" }, { "cve": "CVE-2022-46751", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46751" }, { "cve": "CVE-2022-46908", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-46908" }, { "cve": "CVE-2022-47629", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47629" }, { "cve": "CVE-2022-47929", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-47929" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-48337", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48337" }, { "cve": "CVE-2022-48339", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2022-48339" }, { "cve": "CVE-2023-0045", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0045" }, { "cve": "CVE-2023-0049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0049" }, { "cve": "CVE-2023-0051", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0051" }, { "cve": "CVE-2023-0054", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0054" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0288", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0288" }, { "cve": "CVE-2023-0433", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0433" }, { "cve": "CVE-2023-0464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0464" }, { "cve": "CVE-2023-0465", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0465" }, { "cve": "CVE-2023-0466", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0466" }, { "cve": "CVE-2023-0512", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0512" }, { "cve": "CVE-2023-0590", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0590" }, { "cve": "CVE-2023-0597", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0597" }, { "cve": "CVE-2023-0833", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-0833" }, { "cve": "CVE-2023-1076", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1076" }, { "cve": "CVE-2023-1095", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1095" }, { "cve": "CVE-2023-1118", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1118" }, { "cve": "CVE-2023-1127", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1127" }, { "cve": "CVE-2023-1170", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1170" }, { "cve": "CVE-2023-1175", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1175" }, { "cve": "CVE-2023-1370", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1370" }, { "cve": "CVE-2023-1380", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1380" }, { "cve": "CVE-2023-1390", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1390" }, { "cve": "CVE-2023-1436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1436" }, { "cve": "CVE-2023-1513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1513" }, { "cve": "CVE-2023-1611", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1611" }, { "cve": "CVE-2023-1670", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1670" }, { "cve": "CVE-2023-1855", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1855" }, { "cve": "CVE-2023-1989", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1989" }, { "cve": "CVE-2023-1990", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1990" }, { "cve": "CVE-2023-1998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-1998" }, { "cve": "CVE-2023-20862", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-20862" }, { "cve": "CVE-2023-2124", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2124" }, { "cve": "CVE-2023-2162", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2162" }, { "cve": "CVE-2023-2176", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2176" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-21835", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21835" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21930", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21930" }, { "cve": "CVE-2023-21937", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21937" }, { "cve": "CVE-2023-21938", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21938" }, { "cve": "CVE-2023-21939", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21939" }, { "cve": "CVE-2023-2194", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2194" }, { "cve": "CVE-2023-21954", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21954" }, { "cve": "CVE-2023-21967", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21967" }, { "cve": "CVE-2023-21968", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-21968" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-2253", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2253" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-23454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23454" }, { "cve": "CVE-2023-23455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23455" }, { "cve": "CVE-2023-23559", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23559" }, { "cve": "CVE-2023-23916", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23916" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-24329", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24329" }, { "cve": "CVE-2023-24532", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24532" }, { "cve": "CVE-2023-24534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24534" }, { "cve": "CVE-2023-2483", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2483" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-2513", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2513" }, { "cve": "CVE-2023-25193", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25193" }, { "cve": "CVE-2023-25652", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25652" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-25809", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25809" }, { "cve": "CVE-2023-25815", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-25815" }, { "cve": "CVE-2023-26048", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26048" }, { "cve": "CVE-2023-26049", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26049" }, { "cve": "CVE-2023-2650", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2650" }, { "cve": "CVE-2023-26545", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26545" }, { "cve": "CVE-2023-26604", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-26604" }, { "cve": "CVE-2023-27533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27533" }, { "cve": "CVE-2023-27534", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27534" }, { "cve": "CVE-2023-27535", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27535" }, { "cve": "CVE-2023-27536", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27536" }, { "cve": "CVE-2023-27538", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27538" }, { "cve": "CVE-2023-27561", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-27561" }, { "cve": "CVE-2023-2828", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2828" }, { "cve": "CVE-2023-28320", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28320" }, { "cve": "CVE-2023-28321", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28321" }, { "cve": "CVE-2023-28322", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28322" }, { "cve": "CVE-2023-28328", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28328" }, { "cve": "CVE-2023-28464", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28464" }, { "cve": "CVE-2023-28486", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28486" }, { "cve": "CVE-2023-28487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28487" }, { "cve": "CVE-2023-28642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28642" }, { "cve": "CVE-2023-28772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28772" }, { "cve": "CVE-2023-28840", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28840" }, { "cve": "CVE-2023-28841", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28841" }, { "cve": "CVE-2023-28842", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-28842" }, { "cve": "CVE-2023-29007", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29007" }, { "cve": "CVE-2023-29383", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29383" }, { "cve": "CVE-2023-29402", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29402" }, { "cve": "CVE-2023-29406", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29406" }, { "cve": "CVE-2023-29409", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-29409" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-30630", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30630" }, { "cve": "CVE-2023-30772", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-30772" }, { "cve": "CVE-2023-31084", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31084" }, { "cve": "CVE-2023-3138", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3138" }, { "cve": "CVE-2023-31436", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31436" }, { "cve": "CVE-2023-31484", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-31484" }, { "cve": "CVE-2023-32269", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32269" }, { "cve": "CVE-2023-32697", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-32697" }, { "cve": "CVE-2023-33264", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-33264" }, { "cve": "CVE-2023-34034", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34034" }, { "cve": "CVE-2023-34035", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34035" }, { "cve": "CVE-2023-34453", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34453" }, { "cve": "CVE-2023-34454", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34454" }, { "cve": "CVE-2023-34455", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34455" }, { "cve": "CVE-2023-34462", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-34462" }, { "cve": "CVE-2023-35116", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-35116" }, { "cve": "CVE-2023-3635", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-3635" }, { "cve": "CVE-2023-36479", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-36479" }, { "cve": "CVE-2023-39533", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-39533" }, { "cve": "CVE-2023-40167", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40167" }, { "cve": "CVE-2023-40217", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-40217" }, { "cve": "CVE-2023-41105", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41105" }, { "cve": "CVE-2023-41900", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-41900" }, { "cve": "CVE-2023-43642", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43642" }, { "cve": "CVE-2023-43804", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-43804" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45803", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2023-45803" }, { "cve": "CVE-2024-21626", "notes": [ { "category": "description", "text": "In Dell ECS existieren mehrere Schwachstellen. Diese bestehen in diversen Komponenten von Drittanbietern. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, Informationen offenzulegen, Dateien zu manipulieren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren." } ], "release_date": "2024-04-04T22:00:00Z", "title": "CVE-2024-21626" } ] }
rhsa-2021_1230
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container\nPlatform 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)\n\n* jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource (CVE-2020-36189)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1230", "url": "https://access.redhat.com/errata/RHSA-2021:1230" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1230.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 4.6.26 security and extras update", "tracking": { "current_release_date": "2021-04-27T08:55:00Z", "generator": { "date": "2023-07-01T04:44:00Z", "engine": { "name": "Red Hat SDEngine", "version": "3.18.0" } }, "id": "RHSA-2021:1230", "initial_release_date": "2021-04-27T08:55:00Z", "revision_history": [ { "date": "2021-04-27T08:55:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "category": "product_version", "name": "openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-ansible-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-descheduler:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-descheduler:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-descheduler:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-egress-router:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-egress-router:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-egress-router:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-ghostunnel:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-helm-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0" } }, { "category": "product_version", "name": "openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-logging-curator5:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "product": { "name": "openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "product_id": "openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0" } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "product": { "name": "openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "product_id": "openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "product": { "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "product_id": "openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-metering-hive:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-metering-presto:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-ptp-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-ptp:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-ptp:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-ptp:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-cni:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0" } }, { "category": "product_version", "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0", "product": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0", "product_id": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" } } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ansible-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-descheduler:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-descheduler:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-egress-router:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-egress-router:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ghostunnel:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-helm-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0" }, "product_reference": "openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0" }, "product_reference": "openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0" }, "product_reference": "openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-hive:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-presto:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-ptp:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-ptp:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-cni:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" }, "product_reference": "openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14718", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in slf4j-ext class", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718" }, { "category": "external", "summary": "CVE-2018-14718", "url": "https://access.redhat.com/security/cve/CVE-2018-14718" }, { "category": "external", "summary": "bz#1666415: CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" } ], "release_date": "2018-07-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Important" } ], "title": "CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class" }, { "cve": "CVE-2018-14719", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719" }, { "category": "external", "summary": "CVE-2018-14719", "url": "https://access.redhat.com/security/cve/CVE-2018-14719" }, { "category": "external", "summary": "bz#1666418: CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" } ], "release_date": "2018-07-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Important" } ], "title": "CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes" }, { "cve": "CVE-2018-14720", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666423" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: exfiltration/XXE in some JDK classes", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14720", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720" }, { "category": "external", "summary": "CVE-2018-14720", "url": "https://access.redhat.com/security/cve/CVE-2018-14720" }, { "category": "external", "summary": "bz#1666423: CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666423" } ], "release_date": "2018-07-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes" }, { "cve": "CVE-2018-14721", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666428" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14721", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721" }, { "category": "external", "summary": "CVE-2018-14721", "url": "https://access.redhat.com/security/cve/CVE-2018-14721" }, { "category": "external", "summary": "bz#1666428: CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666428" } ], "release_date": "2018-07-27T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Moderate" } ], "title": "CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class" }, { "cve": "CVE-2018-19360", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360" }, { "category": "external", "summary": "CVE-2018-19360", "url": "https://access.redhat.com/security/cve/CVE-2018-19360" }, { "category": "external", "summary": "bz#1666482: CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" } ], "release_date": "2018-11-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Important" } ], "title": "CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class" }, { "cve": "CVE-2018-19361", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in openjpa class", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361" }, { "category": "external", "summary": "CVE-2018-19361", "url": "https://access.redhat.com/security/cve/CVE-2018-19361" }, { "category": "external", "summary": "bz#1666484: CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" } ], "release_date": "2018-11-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Important" } ], "title": "CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class" }, { "cve": "CVE-2018-19362", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362" }, { "category": "external", "summary": "CVE-2018-19362", "url": "https://access.redhat.com/security/cve/CVE-2018-19362" }, { "category": "external", "summary": "bz#1666489: CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" } ], "release_date": "2018-11-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-01-02T00:00:00Z", "details": "Important" } ], "title": "CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class" }, { "cve": "CVE-2019-14379", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-07-29T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: default typing mishandling leading to remote code execution", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379" }, { "category": "external", "summary": "CVE-2019-14379", "url": "https://access.redhat.com/security/cve/CVE-2019-14379" }, { "category": "external", "summary": "bz#1737517: CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517" } ], "release_date": "2019-07-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2019-07-29T00:00:00Z", "details": "Important" } ], "title": "CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution" }, { "cve": "CVE-2020-24750", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-09-18T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1882310" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750" }, { "category": "external", "summary": "CVE-2020-24750", "url": "https://access.redhat.com/security/cve/CVE-2020-24750" }, { "category": "external", "summary": "bz#1882310: CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882310" } ], "release_date": "2020-09-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2020-09-18T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration" }, { "cve": "CVE-2020-35490", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1909266" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35490", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2986", "url": "https://github.com/FasterXML/jackson-databind/issues/2986" }, { "category": "external", "summary": "CVE-2020-35490", "url": "https://access.redhat.com/security/cve/CVE-2020-35490" }, { "category": "external", "summary": "bz#1909266: CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909266" } ], "release_date": "2020-12-14T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2020-12-17T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-35491", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-17T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1909269" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2986", "url": "https://github.com/FasterXML/jackson-databind/issues/2986" }, { "category": "external", "summary": "CVE-2020-35491", "url": "https://access.redhat.com/security/cve/CVE-2020-35491" }, { "category": "external", "summary": "bz#1909269: CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909269" } ], "release_date": "2020-12-14T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2020-12-17T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-35728", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-27T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1911502" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2999", "url": "https://github.com/FasterXML/jackson-databind/issues/2999" }, { "category": "external", "summary": "CVE-2020-35728", "url": "https://access.redhat.com/security/cve/CVE-2020-35728" }, { "category": "external", "summary": "bz#1911502: CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911502" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2020-12-27T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-36179", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913871" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36179", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "category": "external", "summary": "CVE-2020-36179", "url": "https://access.redhat.com/security/cve/CVE-2020-36179" }, { "category": "external", "summary": "bz#1913871: CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913871" } ], "release_date": "2020-12-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36180", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913872" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36180", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "category": "external", "summary": "CVE-2020-36180", "url": "https://access.redhat.com/security/cve/CVE-2020-36180" }, { "category": "external", "summary": "bz#1913872: CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913872" } ], "release_date": "2020-12-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36181", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913874" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36181", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "category": "external", "summary": "CVE-2020-36181", "url": "https://access.redhat.com/security/cve/CVE-2020-36181" }, { "category": "external", "summary": "bz#1913874: CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913874" } ], "release_date": "2020-12-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36182", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913926" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36182", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "category": "external", "summary": "CVE-2020-36182", "url": "https://access.redhat.com/security/cve/CVE-2020-36182" }, { "category": "external", "summary": "bz#1913926: CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913926" } ], "release_date": "2020-12-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36183", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913927" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36183", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3003", "url": "https://github.com/FasterXML/jackson-databind/issues/3003" }, { "category": "external", "summary": "CVE-2020-36183", "url": "https://access.redhat.com/security/cve/CVE-2020-36183" }, { "category": "external", "summary": "bz#1913927: CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913927" } ], "release_date": "2020-12-31T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-36184", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913928" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36184", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2998", "url": "https://github.com/FasterXML/jackson-databind/issues/2998" }, { "category": "external", "summary": "CVE-2020-36184", "url": "https://access.redhat.com/security/cve/CVE-2020-36184" }, { "category": "external", "summary": "bz#1913928: CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913928" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-36185", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913929" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36185", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2998", "url": "https://github.com/FasterXML/jackson-databind/issues/2998" }, { "category": "external", "summary": "CVE-2020-36185", "url": "https://access.redhat.com/security/cve/CVE-2020-36185" }, { "category": "external", "summary": "bz#1913929: CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913929" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-36186", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913931" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36186", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2997", "url": "https://github.com/FasterXML/jackson-databind/issues/2997" }, { "category": "external", "summary": "CVE-2020-36186", "url": "https://access.redhat.com/security/cve/CVE-2020-36186" }, { "category": "external", "summary": "bz#1913931: CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913931" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-36187", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913933" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36187", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2997", "url": "https://github.com/FasterXML/jackson-databind/issues/2997" }, { "category": "external", "summary": "CVE-2020-36187", "url": "https://access.redhat.com/security/cve/CVE-2020-36187" }, { "category": "external", "summary": "bz#1913933: CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913933" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-36188", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913934" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36188", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2996", "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "category": "external", "summary": "CVE-2020-36188", "url": "https://access.redhat.com/security/cve/CVE-2020-36188" }, { "category": "external", "summary": "bz#1913934: CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913934" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource" }, { "cve": "CVE-2020-36189", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1913937" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36189", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2996", "url": "https://github.com/FasterXML/jackson-databind/issues/2996" }, { "category": "external", "summary": "CVE-2020-36189", "url": "https://access.redhat.com/security/cve/CVE-2020-36189" }, { "category": "external", "summary": "bz#1913937: CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913937" } ], "release_date": "2020-12-23T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2021-01-06T00:00:00Z", "details": "Important" } ], "title": "CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource" }, { "cve": "CVE-2021-20190", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-01-04T00:00:00Z", "flags": [ { "label": "component_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla", "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" } ], "notes": [ { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-ansible-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-capacity:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-cluster-nfd-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-clusterresourceoverride-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-descheduler:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-dns-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-http-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-egress-router:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-proxy:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ghostunnel:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-helm-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-leader-elector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-diskmaker:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-local-storage-static-provisioner:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-eventrouter:v4.6.0-202104201259.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6:v4.6.0-202104161407.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator:v4.6.0-202104151601.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hadoop:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-helm-container-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-hive:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-presto:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-metering-reporting-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-feature-discovery:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-node-problem-detector-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-ptp:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-service-idler-rhel8:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-dp-admission-controller:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-infiniband-cni:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-config-daemon:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-device-plugin:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-network-webhook:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-sriov-operator-must-gather:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.6.0-202104151245.p0", "8Base-RHOSE-4.6:openshift4/ose-vertical-pod-autoscaler-rhel8:v4.6.0-202104151245.p0" ] }, "references": [ { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-5949-rw7g-wx7w", "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w" }, { "category": "external", "summary": "CVE-2021-20190", "url": "https://access.redhat.com/security/cve/CVE-2021-20190" }, { "category": "external", "summary": "bz#1916633: CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" } ], "release_date": "2021-01-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "details": "This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ], "url": "https://access.redhat.com/errata/RHSA-2021:1230" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6:v4.6.0-202104161407.p0" ] } ], "threats": [ { "category": "impact", "date": "2020-01-04T00:00:00Z", "details": "Important" } ], "title": "CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing" } ] }
rhsa-2021_1515
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Openshift Logging Bug Fix Release (5.0.3)\nThis release includes a security update.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Openshift Logging Bug Fix Release (5.0.3)\n\nSecurity Fix(es):\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n(CVE-2020-35728)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\noadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n(CVE-2020-36184)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n(CVE-2020-36185)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n(CVE-2020-36186)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n(CVE-2020-36187)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n(CVE-2020-36188)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc\ne (CVE-2020-36189)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to javax.swing (CVE-2021-20190)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\n* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:1515", "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "LOG-1224", "url": "https://issues.redhat.com/browse/LOG-1224" }, { "category": "external", "summary": "LOG-1232", "url": "https://issues.redhat.com/browse/LOG-1232" }, { "category": "external", "summary": "LOG-1234", "url": "https://issues.redhat.com/browse/LOG-1234" }, { "category": "external", "summary": "LOG-1299", "url": "https://issues.redhat.com/browse/LOG-1299" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1515.json" } ], "title": "Red Hat Security Advisory: Openshift Logging Bug Fix Release (5.0.3)", "tracking": { "current_release_date": "2024-11-05T23:32:06+00:00", "generator": { "date": "2024-11-05T23:32:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:1515", "initial_release_date": "2021-05-06T13:38:14+00:00", "revision_history": [ { "date": "2021-05-06T13:38:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-05-06T13:38:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T23:32:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.0", "product": { "name": "OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.0::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.3-1" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.0.3-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.0.3-6" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.3-1" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.0.3-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "product": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "product_id": "openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "product_identification_helper": { "purl": "pkg:oci/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.0.3-1" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.0.3-1" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64 as a component of OpenShift Logging 5.0", "product_id": "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" }, "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14718", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666415" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in slf4j-ext class", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in jackson-databind involves exploiting CVE-2018-1088 against slf4j, which was fixed in Red Hat products through the errata referenced at https://access.redhat.com/security/cve/cve-2018-8088. Applications that link only slf4j versions including that fix are not vulnerable to this vulnerability.\n\nRed Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle slf4j-ext jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14718" }, { "category": "external", "summary": "RHBZ#1666415", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666415" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14718", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14718" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in slf4j-ext class" }, { "cve": "CVE-2018-14719", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666418" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using blaze classes. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products are not affected by this issue as they do not bundle or provide the requisite gadget jars to exploit this vulnerability:\nRed Hat Satellite 6\nRed Hat Enterprise Virtualization 4\nRed Hat Fuse 6, 7, and Fuse Integration Services 2\nRed Hat A-MQ 6", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14719" }, { "category": "external", "summary": "RHBZ#1666418", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666418" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14719", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14719" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes" }, { "cve": "CVE-2018-14720", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666423" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: exfiltration/XXE in some JDK classes", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its only supported Java runtime (openJDK) doesn\u0027t bundle the com.sun.deploy.security.ruleset.DRSHelper class.\n\nRed Hat Enterprise Virtualization 4 is not affected by this issue, since its only supported Java runtime (openJDK) doesn\u0027t bundle the com.sun.deploy.security.ruleset.DRSHelper class.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14720" }, { "category": "external", "summary": "RHBZ#1666423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666423" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14720", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14720" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: exfiltration/XXE in some JDK classes" }, { "cve": "CVE-2018-14721", "cwe": { "id": "CWE-352", "name": "Cross-Site Request Forgery (CSRF)" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666428" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle axis2-jaxws jar.\n\nRed Hat Virtualization is not affected by this issue, since its does not bundle axis2-jaxws jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-14721" }, { "category": "external", "summary": "RHBZ#1666428", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666428" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-14721", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14721" } ], "release_date": "2018-07-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class" }, { "cve": "CVE-2018-19360", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666482" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the axis2-transport-jms class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t include axis2-transport-jms jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since it does not include axis2-transport-jms jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19360" }, { "category": "external", "summary": "RHBZ#1666482", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666482" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19360" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in axis2-transport-jms class" }, { "cve": "CVE-2018-19361", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666484" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the OpenJPA class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in openjpa class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle openjpa jar.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19361" }, { "category": "external", "summary": "RHBZ#1666484", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666484" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19361", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19361" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in openjpa class" }, { "cve": "CVE-2018-19362", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-01-02T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1666489" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using the jboss-common-core class. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: improper polymorphic deserialization in jboss-common-core class", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.\n\nRed Hat Virtualization 4 is not affected by this issue, since its candlepin component doesn\u0027t bundle jboss-common-core jar.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-19362" }, { "category": "external", "summary": "RHBZ#1666489", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1666489" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-19362", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19362" } ], "release_date": "2018-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: improper polymorphic deserialization in jboss-common-core class" }, { "cve": "CVE-2019-14379", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2019-07-29T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1737517" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: default typing mishandling leading to remote code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nSimilarly, Satellite 6 does not enable polymorphic unmarshmalling, which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-14379" }, { "category": "external", "summary": "RHBZ#1737517", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1737517" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-14379", "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14379" } ], "release_date": "2019-07-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: default typing mishandling leading to remote code execution" }, { "cve": "CVE-2020-15586", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)" }, "discovery_date": "2020-07-14T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1856953" } ], "notes": [ { "category": "description", "text": "A flaw was found Go\u0027s net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP) components are primarily written in Go, meaning that any component using the net/http package includes the vulnerable code. OCP server endpoints using ReverseProxy are protected by authentication, reducing the severity of this vulnerability to Low for OCP.\n\nSimilar to OCP, OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization are also primarily written in Go and are protected via authentication, reducing the severity of this vulnerability to Low.\n\nRed Hat Gluster Storage 3 and Red Hat Openshift Container Storage 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.\n\nRed Hat Ceph Storage 3 and 4 components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-15586" }, { "category": "external", "summary": "RHBZ#1856953", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1856953" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-15586", "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15586" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ", "url": "https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ" } ], "release_date": "2020-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: data race in certain net/http servers including ReverseProxy can lead to DoS" }, { "cve": "CVE-2020-16845", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2020-08-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1867099" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Go encoding/binary package. Certain invalid inputs to the ReadUvarint or the ReadVarint causes those functions to read an unlimited number of bytes from the ByteReader argument before returning an error. This flaw possibly leads to processing more input than expected. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM), RedHat OpenShift Jaeger (RHOSJ) and OpenShift Virtualization components are primarily written in Go, meaning that any component using the encoding/binary package includes the vulnerable code. The affected components are behind OpenShift OAuth authentication, therefore the impact is low.\n\nRed Hat Gluster Storage 3, Red Hat OpenShift Container Storage 4 and Red Hat Ceph Storage (3 and 4) components are built with the affected version of Go, however the vulnerable functionality is currently not used by these products and hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-16845" }, { "category": "external", "summary": "RHBZ#1867099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1867099" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-16845", "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo", "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs" }, { "cve": "CVE-2020-24750", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-09-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882310" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* OpenShift Container Platform\nThese products may update the jackson-databind dependency in a future release.\n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-24750" }, { "category": "external", "summary": "RHBZ#1882310", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882310" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-24750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24750" } ], "release_date": "2020-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid com.pastdev.httpcomponents in the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration" }, { "cve": "CVE-2020-35490", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1909266" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, hence it has been marked wontfix at this time and may be fixed in a future update.\n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35490" }, { "category": "external", "summary": "RHBZ#1909266", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909266" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35490", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35490" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2986", "url": "https://github.com/FasterXML/jackson-databind/issues/2986" } ], "release_date": "2020-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid org.apache.commons.dbcp2.datasources.PerUserPoolDataSource and org.apache.commons.dbcp2.datasources.SharedPoolDataSource in the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-35491", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-17T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1909269" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, hence it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35491" }, { "category": "external", "summary": "RHBZ#1909269", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909269" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35491" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2986", "url": "https://github.com/FasterXML/jackson-databind/issues/2986" } ], "release_date": "2020-12-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid org.apache.commons.dbcp2.datasources.PerUserPoolDataSource and org.apache.commons.dbcp2.datasources.SharedPoolDataSource in the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-35728", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-12-27T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1911502" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat Products ship jackson-databind version 2.10.0 or later which is not considered affected by this CVE (see https://medium.com/@cowtowncoder/jackson-2-10-safe-default-typing-2d018f0ce2ba) \n* JBoss Data Grid 7\n* JBoss Data Grid 8\n* Enterprise Application Platform 7\n* Red Hat Decision Manager 7\n* Red Hat Process Automation Manager 7\n* Red Hat Single Sign-On (RH-SSO) 7\n* Red Hat JBoss Fuse 7\n* Red Hat JBoss A-MQ\n* Red Hat Enterprise Linux 8\n* Red Hat Satellite 6.6\n* Red Hat Satellite 6.7\n* Red Hat Satellite 6.8\n* Red Hat CodeReady Studio 12\n\nRed Hat OpenShift Container Platform and Red Hat OpenStack Platform does ship the vulnerable components, but does not enable the unsafe conditions needed to exploit, lowering their vulnerability impact.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, hence it has been marked wontfix at this time and may be fixed in a future update.\n\nRed Hat OpenStack Platform 13 ships OpenDaylight, which contains the vulnerable jackson-databind, but does not expose jackson-databind in a way that would make it exploitable. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-35728" }, { "category": "external", "summary": "RHBZ#1911502", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1911502" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-35728", "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35728" }, { "category": "external", "summary": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2999", "url": "https://github.com/FasterXML/jackson-databind/issues/2999" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool in the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-36179", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913871" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36179" }, { "category": "external", "summary": "RHBZ#1913871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913871" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36179", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36179" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" } ], "release_date": "2020-12-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36180", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913872" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36180" }, { "category": "external", "summary": "RHBZ#1913872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913872" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36180", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" } ], "release_date": "2020-12-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36181", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913874" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but does not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36181" }, { "category": "external", "summary": "RHBZ#1913874", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913874" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36181", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36181" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" } ], "release_date": "2020-12-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36182", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913926" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36182" }, { "category": "external", "summary": "RHBZ#1913926", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913926" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36182", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36182" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3004", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" } ], "release_date": "2020-12-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS" }, { "cve": "CVE-2020-36183", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913927" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36183" }, { "category": "external", "summary": "RHBZ#1913927", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913927" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36183", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36183" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/3003", "url": "https://github.com/FasterXML/jackson-databind/issues/3003" } ], "release_date": "2020-12-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool" }, { "cve": "CVE-2020-36184", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913928" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36184" }, { "category": "external", "summary": "RHBZ#1913928", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913928" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36184", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36184" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2998", "url": "https://github.com/FasterXML/jackson-databind/issues/2998" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-36185", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913929" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36185" }, { "category": "external", "summary": "RHBZ#1913929", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913929" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36185", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36185" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2998", "url": "https://github.com/FasterXML/jackson-databind/issues/2998" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-36186", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913931" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contain the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36186" }, { "category": "external", "summary": "RHBZ#1913931", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913931" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36186", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36186" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2997", "url": "https://github.com/FasterXML/jackson-databind/issues/2997" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource" }, { "cve": "CVE-2020-36187", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913933" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contain the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36187" }, { "category": "external", "summary": "RHBZ#1913933", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913933" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36187", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36187" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2997", "url": "https://github.com/FasterXML/jackson-databind/issues/2997" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource" }, { "cve": "CVE-2020-36188", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913934" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, hence it has been marked wontfix at this time and maybe fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but they do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36188" }, { "category": "external", "summary": "RHBZ#1913934", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913934" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36188", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36188" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2996", "url": "https://github.com/FasterXML/jackson-databind/issues/2996" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource" }, { "cve": "CVE-2020-36189", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2021-01-06T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1913937" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and maybe fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-36189" }, { "category": "external", "summary": "RHBZ#1913937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1913937" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-36189", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36189" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2996", "url": "https://github.com/FasterXML/jackson-databind/issues/2996" } ], "release_date": "2020-12-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid: oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS, org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS, org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool, org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource, org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource, com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource, com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\nin the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource" }, { "cve": "CVE-2021-20190", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-01-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1916633" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing", "title": "Vulnerability summary" }, { "category": "other", "text": "The following Red Hat products do ship the vulnerable component, but do not enable the unsafe conditions needed to exploit, lowering their vulnerability impact:\n* JBoss Data Grid 7\n* Business Process Management Suite 6\n* Business Rules Management Suite 6\n* JBoss Data Virtualization 6\n* Red Hat Fuse Service Works 6\n* Red Hat OpenStack Platform\n* Red Hat OpenShift containers: ose-metering-hadoop, ose-metering-hive, ose-logging-elasticsearch5, ose-logging-elasticsearch6 \nThese products may update the jackson-databind dependency in a future release.\n\nIn Red Hat Openshift 4 there are no plans to maintain the ose-logging-elasticsearch5 container, therefore it has been marked wontfix at this time and may be fixed in a future update. \n\nThe following Red Hat products ship OpenDaylight, which contains the vulnerable jackson-databind, but do not expose jackson-databind in a way that would make it exploitable:\n* Red Hat OpenStack Platform 13\nAs such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe following Red Hat products are not affected by this flaw because they use a more recent version of jackson-databind that does not contain the vulnerable code:\n* CodeReady Studio 12.16.0\n* CodeReady WorkSpaces Server Container\n* Red Hat Enterprise Linux 8\n* Red Hat Enterprise Virtualization\n* Red Hat Satellite 6\n* Red Hat OpenShift container: ose-metering-presto", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-20190" }, { "category": "external", "summary": "RHBZ#1916633", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916633" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-20190", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20190" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-5949-rw7g-wx7w", "url": "https://github.com/advisories/GHSA-5949-rw7g-wx7w" } ], "release_date": "2021-01-16T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-05-06T13:38:14+00:00", "details": "For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nFor Red Hat OpenShift Logging 5.0, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:1515" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`\n* avoid javax.swing in the classpath", "product_ids": [ "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-operator-bundle@sha256:523e689589595cff9ee11393506309c00d23bf8fb945e1475aeeffea3d517897_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:0b3edcd073a1f331c011ebcd4aaa8371f9114b78a48e590df450e1e9006404c3_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:c143f6d1ec4d3d9a917a99c65815752e24e93a5be212c8d41a7f945ffffa67cf_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/cluster-logging-rhel8-operator@sha256:f42594e7760bf45ccba9d0494391b07b355d147a8ccfae3db602bceb74d8e35f_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-operator-bundle@sha256:1a88af8ae614593144ab405214444d954aa97ba13baa6ccf3b3498b424f983df_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:667a65330c7ed33805c30896ff9fa979c1aeed8883eb31750af9802f6feb7034_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:a78c13c0c3f17432dee6d22756d6656afffe33081a1db5fad0ab68798fb92580_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-proxy-rhel8@sha256:b2359332ffb463d8af90bcc6871b0a5ff4e79ce82243ba89ace96e18e05964fa_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0264dd99af5af4a7a30c2b5830e52980fc59d050cc940f191b32e09df284292a_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:0dc6a56baad15c9fa6d0669f6f59ba1c6b444ef75e5d2893fa4bdd970bdfe88b_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch-rhel8-operator@sha256:af5c18868820a4d139ad9c7d6a1d0a78396d96deb455b00a918c7eaf2ffbaa8b_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:3b08518f62a113a06a16ca3bcccbc128703f34815d66162426daabfd9740b2c4_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:4e8a4d0bf152d8f50114d13ce51868506570825123b8df4eed426f524c01bde3_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/eventrouter-rhel8@sha256:7a17b1b04fd0d9ae66ad0dfaacbf9bebe44f77449763cd82bd172551c8dd5906_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:508186184b17d924659ad9dcaa468cd4086bbe958b4dac1a6297e7cd4f88a418_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:c9d56d0bfd800bd72c990829b81676a261c288f783ab44788feffdaa00bd069c_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/fluentd-rhel8@sha256:ea0fb56298089dfd6ea04c4933e6e15668fe422b60b521cf1388783797ac7852_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:06f31605e19bd7f702e403b815b961f125d92466e208428547069b3712c7a20e_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:6348d3a07a76aa6eb90d1689cdf67a45559e752aec70d06261596f09d7ebca4f_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/kibana6-rhel8@sha256:c140c1da34f8cb38864f92201ac8c9aa6981318d1bd4ebf87cea698fdb80a6d7_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:7904a53e3117acf2baeae3911c6d1cdfb78964080bf5ff3ff5bff531ca6ef366_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:adbab231c9403261c85b6e4ff2c81c0d19e206106df60fd1551c9e30cb2d83f7_s390x", "8Base-OSE-LOGGING-5.0:openshift-logging/logging-curator5-rhel8@sha256:bb16d7f7ef2310afacf12a11808c3b792ed1f30929ef9a62ff9b094d3d8512cc_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:30491b87e69ba242c3eacb607c71c13a9957962c0ae75d63fbb1f7aff12e268b_ppc64le", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:614d1860d95c7e9a84ee68bb507f9970d0af63a7df3e744bd5e5a08a2a617914_amd64", "8Base-OSE-LOGGING-5.0:openshift-logging/elasticsearch6-rhel8@sha256:9dbe9316331f9b7725f39d00dc2bc8433482750c8178066b002682894f92ed87_s390x" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing" } ] }
var-202101-1932
Vulnerability from variot
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: OpenShift Container Platform 4.6.26 security and extras update Advisory ID: RHSA-2021:1230-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2021:1230 Issue date: 2021-04-27 CVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 CVE-2021-20190 =====================================================================
- Summary:
Red Hat OpenShift Container Platform release 4.6.26 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
- Solution:
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.26. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. References:
https://access.redhat.com/security/cve/CVE-2018-14718 https://access.redhat.com/security/cve/CVE-2018-14719 https://access.redhat.com/security/cve/CVE-2018-14720 https://access.redhat.com/security/cve/CVE-2018-14721 https://access.redhat.com/security/cve/CVE-2018-19360 https://access.redhat.com/security/cve/CVE-2018-19361 https://access.redhat.com/security/cve/CVE-2018-19362 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-35490 https://access.redhat.com/security/cve/CVE-2020-35491 https://access.redhat.com/security/cve/CVE-2020-35728 https://access.redhat.com/security/cve/CVE-2020-36179 https://access.redhat.com/security/cve/CVE-2020-36180 https://access.redhat.com/security/cve/CVE-2020-36181 https://access.redhat.com/security/cve/CVE-2020-36182 https://access.redhat.com/security/cve/CVE-2020-36183 https://access.redhat.com/security/cve/CVE-2020-36184 https://access.redhat.com/security/cve/CVE-2020-36185 https://access.redhat.com/security/cve/CVE-2020-36186 https://access.redhat.com/security/cve/CVE-2020-36187 https://access.redhat.com/security/cve/CVE-2020-36188 https://access.redhat.com/security/cve/CVE-2020-36189 https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-20190 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi 2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC xe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7 6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD 8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe pDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6 JtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL 2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi 9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0 uef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO xkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL zm97KOYD3LQ= =CKcx -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . JIRA issues fixed (https://issues.jboss.org/):
LOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected LOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn't gather event logs. LOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4] LOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error "state=error: certificate verify failed (unable to get local issuer certificate)"
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-1932", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "communications session report manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.5.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.4.0" }, { "model": "retail customer management and segmentation foundation", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "commerce platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.2" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.6.7.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.1.3.2" }, { "model": "communications instant messaging server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.0.1.5.0" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "banking treasury management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "4.4" }, { "model": "retail merchandising system", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "data integrator", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.0.2" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "18.8.0" }, { "model": "communications element manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.4.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "retail customer management and segmentation foundation", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.0" }, { "model": "communications unified inventory management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.4.1" }, { "model": "communications convergent charging controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "19.12.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.3.0" }, { "model": "insurance rules palette", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "jd edwards enterpriseone orchestrator", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "goldengate application adapters", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.1.0.0.0" }, { "model": "insurance rules palette", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "communications diameter signaling route", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0" }, { "model": "insurance rules palette", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.5.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.8" }, { "model": "communications diameter signaling route", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "communications services gatekeeper", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "19.12.10" }, { "model": "communications session report manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0.0" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.7.0" }, { "model": "primavera gateway", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.12.0" }, { "model": "insurance policy administration", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.0.2" }, { "model": "insurance policy administration", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.1.0" }, { "model": "primavera gateway", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12.0" }, { "model": "communications session route manager", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.2.2.1" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5.0" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "15.0.3.1" }, { "model": "communications network charging and control", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.4.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "banking corporate lending process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "webcenter portal", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.2.1.4.0" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "18.8.11" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.3" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "banking virtual account management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2.0" }, { "model": "communications element manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "banking extensibility workbench", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "communications cloud native core policy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.14.0" }, { "model": "communications cloud native core unified data repository", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.4.0" }, { "model": "communications evolved communications application server", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.1" }, { "model": "communications session route manager", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.2.0.0" }, { "model": "agile plm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.3.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jackson-databind", "scope": "lt", "trust": 1.0, "vendor": "fasterxml", "version": "2.9.10.8" }, { "model": "autovue for agile product lifecycle management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.2" }, { "model": "banking credit facilities process management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.2" }, { "model": "commerce platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.2.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "17.0.4" }, { "model": "jackson-databind", "scope": "gte", "trust": 1.0, "vendor": "fasterxml", "version": "2.0.0" }, { "model": "service level manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "commerce platform", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "7.5.0.23.0" }, { "model": "blockchain platform", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "21.1.2" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "18.0.3" }, { "model": "insurance policy administration", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "11.3.0" }, { "model": "primavera gateway", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12.11" }, { "model": "application testing suite", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.3.0.1" }, { "model": "banking supply chain finance", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "14.5" }, { "model": "retail service backbone", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.3.0" }, { "model": "documaker", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.4" }, { "model": "retail xstore point of service", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "16.0.6" }, { "model": "service level manager", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "jackson-databind", "scope": null, "trust": 0.8, "vendor": "fasterxml", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-36180" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ], "trust": 0.8 }, "cve": "CVE-2020-36180", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-36180", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381447", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2020-36180", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-36180", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-326", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-381447", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-36180", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. FasterXML jackson-databind There is a vulnerability in deserialization of untrusted data.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. FasterXML jackson-databind is a library based on JAVA that can convert data formats such as XML and JSON to JAVA objects. Jackson can easily convert Java objects into json objects and xml documents, as well as convert json and xml into Java objects. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: OpenShift Container Platform 4.6.26 security and extras update\nAdvisory ID: RHSA-2021:1230-01\nProduct: Red Hat OpenShift Enterprise\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1230\nIssue date: 2021-04-27\nCVE Names: CVE-2018-14718 CVE-2018-14719 CVE-2018-14720 \n CVE-2018-14721 CVE-2018-19360 CVE-2018-19361 \n CVE-2018-19362 CVE-2019-14379 CVE-2020-24750 \n CVE-2020-35490 CVE-2020-35491 CVE-2020-35728 \n CVE-2020-36179 CVE-2020-36180 CVE-2020-36181 \n CVE-2020-36182 CVE-2020-36183 CVE-2020-36184 \n CVE-2020-36185 CVE-2020-36186 CVE-2020-36187 \n CVE-2020-36188 CVE-2020-36189 CVE-2021-3449 \n CVE-2021-20190 \n=====================================================================\n\n1. Summary:\n\nRed Hat OpenShift Container Platform release 4.6.26 is now available with\nupdates to packages and images that fix several bugs and add enhancements. \nThis release includes a security update for Red Hat OpenShift Container\nPlatform 4.6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\n3. Solution:\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.26. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-14718\nhttps://access.redhat.com/security/cve/CVE-2018-14719\nhttps://access.redhat.com/security/cve/CVE-2018-14720\nhttps://access.redhat.com/security/cve/CVE-2018-14721\nhttps://access.redhat.com/security/cve/CVE-2018-19360\nhttps://access.redhat.com/security/cve/CVE-2018-19361\nhttps://access.redhat.com/security/cve/CVE-2018-19362\nhttps://access.redhat.com/security/cve/CVE-2019-14379\nhttps://access.redhat.com/security/cve/CVE-2020-24750\nhttps://access.redhat.com/security/cve/CVE-2020-35490\nhttps://access.redhat.com/security/cve/CVE-2020-35491\nhttps://access.redhat.com/security/cve/CVE-2020-35728\nhttps://access.redhat.com/security/cve/CVE-2020-36179\nhttps://access.redhat.com/security/cve/CVE-2020-36180\nhttps://access.redhat.com/security/cve/CVE-2020-36181\nhttps://access.redhat.com/security/cve/CVE-2020-36182\nhttps://access.redhat.com/security/cve/CVE-2020-36183\nhttps://access.redhat.com/security/cve/CVE-2020-36184\nhttps://access.redhat.com/security/cve/CVE-2020-36185\nhttps://access.redhat.com/security/cve/CVE-2020-36186\nhttps://access.redhat.com/security/cve/CVE-2020-36187\nhttps://access.redhat.com/security/cve/CVE-2020-36188\nhttps://access.redhat.com/security/cve/CVE-2020-36189\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-20190\nhttps://access.redhat.com/security/updates/classification/#important\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYIfTktzjgjWX9erEAQg+8A//QGo1YBtlmSC7RqagNERfByPYx5YNGlfi\n2RIAMqi0QrGUVuvnQxQUs5Zm9sLF559qyH56geUi2q4ICVr+rgAeUhLtsx6GLuJC\nxe9w4Gz8ozN6jIvTGKPx9lnTafIvR+ddgUPk389Eqo6PDPWlw7PHvaBlNHa8hGF7\n6rUnTdED/G+JnXANJnAkvc+gW0BLeAYaOI+1wTOx1neicwfa+POqC8rCzYl8ESjD\n8NlVG3+wu0pZK9zRTBg67TcPi+bsdyh4R6w4Uxg0w1vJkN6IdUHd+CDhqJzNDpNe\npDHqPm5zAwe4iTDrV1+FJQYpx6iy9oeSPiAD/+L/JRGZ51ij5eLHpxbeL8SzpcH6\nJtOpYrxVktvihnVydP1ALYlQpQvAUkmY3EcE7flNujebJNlG1MFwctaxHtDarXTL\n2m4mlI4ccX2kHPYt/t0GYchRf2e7kA6Ph12SpV3tNC3zCn9JGZva4OXpyyQmvmHi\n9PMifX/XTU5k4k6xXZE5ljo0YOnnKlM/4mDGBxGFiNGcsQSZhnhCALI1W6U6oGK0\nuef8BrOrEFx9UHENIEqoRYp2T7d6EO3oA/mTfl3H8Ddi1qyg/U1mwJw2aE5hOTVO\nxkXaBb1nCb2SxcW6kMbcCeSJX9qSclcNetQI9/HrF3lxC/eCpNk5B4F6Q2AztXbL\nzm97KOYD3LQ=\n=CKcx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1224 - Release 5.0 - ClusterLogForwarder namespace-specific log forwarding does not work as expected\nLOG-1232 - 5.0 - Bug 1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \nLOG-1234 - CVE-2020-15586 CVE-2020-16845 openshift-eventrouter: various flaws [openshift-4]\nLOG-1299 - Release 5.0 Forwarding logs to Kafka using Chained certificates fails with error \"state=error: certificate verify failed (unable to get local issuer certificate)\"\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-36180", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "162493", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-002836", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021110515", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021050708", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022060909", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042826", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1397", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1573", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-326", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-381447", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-36180", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "id": "VAR-202101-1932", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381447" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:46:04.797000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NTAP-20210205-0005", "trust": 0.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "title": "FasterXML jackson-databind Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=138933" }, { "title": "IBM: Security Bulletin: IBM Security Guardium is affected by a jackson-databind vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d264422afa3e01b012ccac75b242e1cb" }, { "title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-128" }, { "title": "IBM: Security Bulletin: z/Transaction Processing Facility is affected by multiple vulnerabilities in the jackson-databind, jackson-dataformat-xml, jackson-core, slf4j-ext, and cxf-core packages", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f974282a27702bae4111bf7716ee6cf6" }, { "title": "CVE-2020-36179", "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179 " }, { "title": "Al1ex", "trust": 0.1, "url": "https://github.com/al1ex/al1ex " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "NVD", "id": "CVE-2020-36180" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "trust": 1.8, "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "trust": 1.8, "url": "https://github.com/fasterxml/jackson-databind/issues/3004" }, { "trust": 1.8, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180" }, { "trust": 0.7, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-6/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022060909" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-vulnerabilities-cve-2020-36185-36181-36189-36188-36184-36180-impacts-ibm-aspera-high-speed-transfer-server-and-aspera-high-speed-transfer-endpoint-versions-prior-to/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162493/red-hat-security-advisory-2021-1515-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1437" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6455267" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021110515" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042826" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6528214" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-jackson-databind-affects-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1573" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6525182" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-network-performance-insight-1-3-1-was-affected-by-multiple-vulnerabilities-in-jackson-databind/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-8/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-jackson-databind-vulnerability-7/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-and-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021050708" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162350/red-hat-security-advisory-2021-1230-01.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35491" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35490" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36180" }, { "trust": 0.2, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36183" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36188" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36179" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36182" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36185" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36186" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36187" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36189" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://github.com/al1ex/cve-2020-36179" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1230" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhba-2021:1232" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-2163" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-u" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1515" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381447" }, { "db": "VULMON", "id": "CVE-2020-36180" }, { "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "db": "PACKETSTORM", "id": "162350" }, { "db": "PACKETSTORM", "id": "162493" }, { "db": "NVD", "id": "CVE-2020-36180" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-01-07T00:00:00", "db": "VULHUB", "id": "VHN-381447" }, { "date": "2021-01-07T00:00:00", "db": "VULMON", "id": "CVE-2020-36180" }, { "date": "2021-10-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "date": "2021-04-27T15:37:46", "db": "PACKETSTORM", "id": "162350" }, { "date": "2021-05-06T15:03:00", "db": "PACKETSTORM", "id": "162493" }, { "date": "2021-01-07T00:15:14.913000", "db": "NVD", "id": "CVE-2020-36180" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-01-06T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-02T00:00:00", "db": "VULHUB", "id": "VHN-381447" }, { "date": "2022-09-02T00:00:00", "db": "VULMON", "id": "CVE-2020-36180" }, { "date": "2021-10-06T01:05:00", "db": "JVNDB", "id": "JVNDB-2021-002836" }, { "date": "2023-09-13T14:56:32.590000", "db": "NVD", "id": "CVE-2020-36180" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-326" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-326" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FasterXML\u00a0jackson-databind\u00a0 Untrusted Data Deserialization Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-002836" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
ghsa-8c4j-34r4-xr8g
Vulnerability from github
FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.9.10.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "com.fasterxml.jackson.core:jackson-databind" }, "ranges": [ { "events": [ { "introduced": "2.0.0" }, { "fixed": "2.6.7.5" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-36180" ], "database_specific": { "cwe_ids": [ "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2021-03-18T23:36:46Z", "nvd_published_at": "2021-01-07T00:15:00Z", "severity": "HIGH" }, "details": "FasterXML jackson-databind 2.x before 2.9.10.8 and 2.6.7.5 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GHSA-8c4j-34r4-xr8g", "modified": "2023-09-14T16:13:00Z", "published": "2021-12-09T19:16:18Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "type": "WEB", "url": "https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b" }, { "type": "WEB", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "type": "PACKAGE", "url": "https://github.com/FasterXML/jackson-databind" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20210205-0005" }, { "type": "WEB", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Unsafe Deserialization in jackson-databind" }
gsd-2020-36180
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2020-36180", "description": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GSD-2020-36180", "references": [ "https://www.suse.com/security/cve/CVE-2020-36180.html", "https://access.redhat.com/errata/RHSA-2021:1515", "https://access.redhat.com/errata/RHSA-2021:1230" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-36180" ], "details": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.", "id": "GSD-2020-36180", "modified": "2023-12-13T01:21:56.116422Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36180", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "refsource": "MISC", "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "name": "https://github.com/FasterXML/jackson-databind/issues/3004", "refsource": "MISC", "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210205-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.9.0,2.9.10.8)", "affected_versions": "All versions starting from 2.9.0 before 2.9.10.8", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-502", "CWE-937" ], "date": "2021-11-17", "description": "FasterXML jackson-databind mishandles the interaction between serialization gadgets and typing, related to `org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS`.", "fixed_versions": [ "2.9.10.8" ], "identifier": "CVE-2020-36180", "identifiers": [ "CVE-2020-36180" ], "not_impacted": "All versions before 2.9.0, all versions starting from 2.9.10.8", "package_slug": "maven/com.fasterxml.jackson.core/jackson-databind", "pubdate": "2021-01-07", "solution": "Upgrade to version 2.9.10.8 or above.", "title": "Deserialization of Untrusted Data", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-36180" ], "uuid": "49897f0d-c8b7-462c-b5df-4b457beaa9c3" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.2", "versionStartIncluding": "11.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.2.5.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.3.0", "versionStartIncluding": "11.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_treasury_management:4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.12.10", "versionStartIncluding": "19.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.8.11", "versionStartIncluding": "18.8.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "19.0", "versionStartIncluding": "16.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0.0", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.2.1", "versionStartIncluding": "8.0.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:banking_extensibility_workbench:14.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.2.4.0", "versionStartIncluding": "8.2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "21.1.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.6.7.5", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.9.10.8", "versionStartIncluding": "2.7.0", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-36180" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-502" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/FasterXML/jackson-databind/issues/3004", "refsource": "MISC", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/FasterXML/jackson-databind/issues/3004" }, { "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", "refsource": "MISC", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" }, { "name": "https://security.netapp.com/advisory/ntap-20210205-0005/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210205-0005/" }, { "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9 } }, "lastModifiedDate": "2023-09-13T14:56Z", "publishedDate": "2021-01-07T00:15Z" } } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.